{"id":10135,"date":"2016-04-19T10:55:00","date_gmt":"2016-04-19T15:55:00","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=10135"},"modified":"2023-03-13T16:00:56","modified_gmt":"2023-03-13T21:00:56","slug":"5-important-web-application-security-trends-of-the-near-future","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2016\/04\/5-important-web-application-security-trends-of-the-near-future\/","title":{"rendered":"5 important web application security trends of the near future"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-725\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2010\/11\/Education.jpg\" alt=\"Education\" width=\"76\" height=\"100\" \/><span style=\"font-size: 14px;\"><em>Summary: As security breaches rise, enterprise web application security is an increasingly important topic. You must stay ahead of evolving security trends in order to keep your data and applications safe. How will web application security evolve in the coming year? What web application security threats can we expect in the near future? In this article, we explore web application security trends of the near future and explain why they&#8217;re important.<\/em><\/span><br \/>\n<a name=\"20160418\"><\/a><!--more--><\/p>\n<p>Security breaches are on the rise. Sensitive data gets compromised on a seemingly daily basis. These breaches create negative publicity, and lead to huge financial losses.<\/p>\n<p>Can you guess which aspect of your business systems hackers target the most? 
As mentioned in this <a href=\"http:\/\/www.darkreading.com\/risk-management\/6-ways-to-strengthen-web-app-security\/d\/d-id\/1106197\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">article<\/span><\/a>: \u201cAccording to numerous studies, the preferred method for attacking businesses\u2019 online assets is via their Web applications.\u201d What\u2019s worse, a recent <span style=\"color: red; font-weight: bold;\">report<\/span> found that over half of all web applications suffer from commonly known vulnerabilities.<\/p>\n<p>As more data moves to the web, and businesses create more web applications, this threat is only increasing. How can you protect your business applications?<\/p>\n<p>The first step: Recognize the risks, and stay ahead of the curve. Understand where web application security is now, and where it\u2019s heading. Do you know what application security threats we can expect in the near future? Do you know how web application security is evolving?<\/p>\n<p>Today, let\u2019s answer these questions. While the list could certainly be longer, here are 5 important trends in web application security to watch for in the near future.<\/p>\n<h3>1. Increased application demand leads to vulnerable applications<\/h3>\n<p>In a recent <a href=\"https:\/\/www.mrc-productivity.com\/blog\/2015\/10\/5-reasons-why-businesses-still-struggle-with-application-security\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">article<\/span><\/a>, we examined an unsettling fact: Most business applications still suffer from commonly-known security flaws. We\u2019re not talking about new vulnerabilities. We\u2019re talking about commonly recognized&#8211;and easily fixable&#8211;security flaws that businesses have known about for over a decade.<\/p>\n<p>What\u2019s more, these threats can create irreparable damage to a business.<\/p>\n<p>Why? 
We explored a few reasons in the article mentioned above, but there\u2019s one overriding issue. There\u2019s an increasing demand for new business applications&#8211;a trend that will only grow. More and more, the demand outpaces the organization\u2019s ability to create them.<\/p>\n<p>As a result, we\u2019re seeing two things happen. First, we have an increased number of new developers, rushing to meet project deadlines. In the struggle to meet these deadlines, security suffers.<\/p>\n<p>Second, we have more development outsourced. As explained below, this becomes a problem when the outsourcing firm doesn\u2019t understand the organization\u2019s security needs.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cThe desire by many businesses to build and launch new apps has outpaced these organizations\u2019 ability to staff application development teams,\u201d explains Ben Desjardins, Security Expert at <a href=\"http:\/\/www.radware.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Radware<\/span><\/a>. \u201cThe result is a trend towards outsourced application development, often leveraging inexperienced development shops following abstract requirements with limited understanding of the security requirements that may exist in various industries or for particular use cases. This often leads to fundamentally insecure apps that are prone to the myriad attack tools available that find and exploit known vulnerabilities in underlying application components.\u201d<\/p><\/blockquote>\n<h3>2. 
Unsanctioned cloud apps create a larger security risk<\/h3>\n<figure id=\"attachment_7705\" aria-describedby=\"caption-attachment-7705\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-7705\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/03\/shadow-19354_640-300x199.jpg\" alt=\"photo credit: PublicDomainPictures via pixabay cc\" width=\"300\" height=\"199\" srcset=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/03\/shadow-19354_640-300x199.jpg 300w, https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/03\/shadow-19354_640.jpg 640w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-7705\" class=\"wp-caption-text\">photo credit: <a href=\"http:\/\/pixabay.com\/en\/shadow-lurk-lurker-alley-dark-19354\/\">PublicDomainPictures<\/a> via <a href=\"http:\/\/pixabay.com\/\">pixabay<\/a> <a href=\"http:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/deed.en\">cc<\/a><\/figcaption><\/figure>\n<p>Another problem created by the growing application demand: Shadow IT. Now, this isn\u2019t a new trend, but it is on the rise. As its growth continues, we can expect it to greatly impact security.<\/p>\n<p>What\u2019s happening? End users are bypassing the IT department in favor of third-party, cloud-based solutions. Rather than waiting around for a solution from IT, they can now pull out a credit card and get up and running that day.<\/p>\n<p>While this sounds great from a business user perspective, it creates a problem. This practice takes company data outside of the IT department\u2019s control. When employees purchase and use third-party solutions, IT cannot manage and secure the data. Worse yet, they cannot evaluate the solution\u2019s security.<\/p>\n<p>What can you do about it? 
We won&#8217;t get into all the details here, as we covered a few <a href=\"https:\/\/www.mrc-productivity.com\/blog\/2015\/09\/how-to-deal-with-shadow-it\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">ways to address Shadow IT<\/span><\/a> in a previous article. But, do not ignore the problem. As explained below, it\u2019s running rampant, and will continue to grow worse.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cIn the future, we should expect more threats coming from unsanctioned cloud apps: On average 730 unsanctioned apps get connected to corporate cloud and used in an organization for a large spectrum of business activities,\u201d says Adam Moisa, the CEO and Co-Founder of <a href=\"https:\/\/www.compaaslabs.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Compaaslabs.com<\/span><\/a>. \u201cThis figure is even more frightening if we think that 94% of these apps are not enterprise-ready, leading to 95% of data exposure due to employee negligence.\u201d<\/p><\/blockquote>\n<h3>3. Stolen credential attacks rise<\/h3>\n<p>As people place more and more of their information online, stolen credential attacks are on the rise. Why is this so important? Stolen credential attacks can completely nullify all of your security efforts.<\/p>\n<p>How so? As you know, many users have awful security habits. They reuse their login credentials across many sites. 
So, if a hacker gets a hold of one of your user\u2019s credentials for one site, chances are good that they can access other applications as well.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cFor many years, attackers have employed tricks such as cross-site scripting (XSS) and SQL injection (SQLI) to attack web sites,\u201d says Mark Huss, senior consultant at <a href=\"http:\/\/systemexperts.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">SystemExperts<\/span><\/a>. \u201cAlthough these still are in regular use, the landscape is changing; stolen credentials now account for over half of all web attacks. This is an understandable progression \u2013 why fight to come up with a clever injection attack when credentials and credit card information are available in mass quantity, and cheaply? In addition, web browsers are getting better at defending against scripting attacks, and long-time targets such as Adobe Flash are falling out of favor.\u201d<\/p><\/blockquote>\n<h3>4. 
Two-factor authentication becomes a must in the enterprise<\/h3>\n<figure id=\"attachment_7911\" aria-describedby=\"caption-attachment-7911\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-7911\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/05\/Two-step-verification-300x128.png\" alt=\"Two factor authentication requires two forms of identification before granting access to an account.\" width=\"300\" height=\"128\" srcset=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/05\/Two-step-verification-300x128.png 300w, https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2014\/05\/Two-step-verification.png 600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-7911\" class=\"wp-caption-text\">Two factor authentication requires two forms of identification before granting access to an account.<\/figcaption><\/figure>\n<p>One way to fight the stolen credential attack: Set up two-factor authentication on your business applications. What is it? I\u2019ll briefly explain the concept here, but you can read <a href=\"https:\/\/www.mrc-productivity.com\/blog\/2014\/05\/why-modern-business-applications-need-2-factor-authentication\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">more about two-factor authentication in this article<\/span><\/a>.<\/p>\n<p>In short, it adds a second level of security to an account login. Rather than identifying a user with a single factor (username\/password), it adds a second identification factor to the login process\u2013usually a PIN delivered via SMS to the user\u2019s mobile device. It\u2019s designed to maintain security, even if a user\u2019s login credentials are compromised.<\/p>\n<p>Now, two-factor authentication is not a new trend. 
It\u2019s already used in popular web services like Gmail, Twitter, LinkedIn, etc. However, it\u2019s sparsely used in the business world. But, with the rise of security breaches, two-factor authentication is quickly becoming a must-have in the business world.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cOne trend that is noticeable is role-based authorization and multi-factor authentication, with significant focus on secure session management,\u201d says Balaji Jayaraman, DevOps Head at <a href=\"https:\/\/www.chargebee.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Chargebee<\/span><\/a>. \u201cMulti-factor authentication is becoming a standard in order to access sensitive and critical data that builds a kind of layered defense for preventing unauthorized access to applications or physical devices. Role based authorization makes sure the access is restricted to necessary roles which will minimize the scope even when targeted.\u201d<\/p><\/blockquote>\n<h3>5. The security skills gap drives the growth of third-party tools<\/h3>\n<p>Businesses often approach security with a false assumption. They assume that their developers understand security, and will build it into their applications.<\/p>\n<p>Now, that\u2019s true to an extent. A developer will understand the security basics. But, you can\u2019t assume your developers are security experts. Their job centers around developing applications&#8211;often with a tight deadline.<\/p>\n<p>Can they possibly compete with hackers who spend their days trying to attack web applications? Of course not.<\/p>\n<p>The fact is, we\u2019re facing a security skills gap. Most companies do not have the personnel in-house to create truly secure applications. 
As security breaches increase, we\u2019ll see more and more businesses turn to third party tools to bridge this gap.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cThe future of web application security lies with third party tools. The vast majority of web developers are NOT security experts and will continue to make mistakes that leave the door open to hackers,\u201d says Yaron Guez, Chief Software Architect at <a href=\"https:\/\/www.crypteron.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Crypteron<\/span><\/a>. \u201cBy adopting third party developer tools and security platforms, developers will harden their web applications while avoiding re-inventing the wheel and saving months of time. This is in line with the trend toward the cloud in general. Just like developers don&#8217;t have to build and maintain their own fleet of servers anymore, instead relying on Amazon, Microsoft and Google for their infrastructure concerns, the move towards security tools and platforms is following a similar path.\u201d<\/p><\/blockquote>\n<h3>Summary<\/h3>\n<p>These are just 5 trends in web application security, but the list could certainly be much longer. If you would like to add anything to this list, I\u2019d love to hear it. Feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: As security breaches rise, enterprise web application security is an increasingly important topic. You must stay ahead of evolving security trends in order to keep your data and applications safe. How will web application security evolve in the coming year? What web application security threats can we expect in the near future? 
In this &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.mrc-productivity.com\/blog\/2016\/04\/5-important-web-application-security-trends-of-the-near-future\/\"> <span class=\"screen-reader-text\">5 important web application security trends of the near future<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"5 important web application security trends of the near future - mrc&#039;s Cup of Joe Blog","description":"Summary: As security breaches rise, enterprise web application security is an increasingly important topic. 
You must stay ahead of evolving security trends in o"},"footnotes":""},"categories":[8],"tags":[71],"class_list":["post-10135","post","type-post","status-publish","format-standard","hentry","category-education","tag-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=10135"}],"version-history":[{"count":7,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10135\/revisions"}],"predecessor-version":[{"id":14651,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10135\/revisions\/14651"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=10135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=10135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=10135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}