General lack of improvement in web application security during COVID
A report from Acunetix, The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report, concluded that web application security has fallen victim to the ongoing COVID-19 pandemic. The report revealed that:
- Due to the pandemic, organizations have had to redirect their IT resources. With work from home imposed on many companies, along with other changes forced by the pandemic, companies have delayed web application projects. The result was that fewer web applications were updated and/or created, and so fewer new vulnerabilities were introduced.
- On the other hand, many companies have shifted their security efforts towards endpoint security for work from home systems. This, in turn, meant that security teams lacked the resources to address many web application security issues, including those discovered in 2019 or earlier.
Based on these two trends, the report concluded that there was a general lack of improvement in the level of web application security. From other reports, we know that cyberattacks have increased during the pandemic. With the lack of improvement in web application security in organizations, 2020 has been quite a bad year for web application security as a whole.
Take a page from NIST to improve application security
There are a number of simple steps an organization can take to improve its web application security posture. The first starts at the very beginning of app development: ensuring that developers consider security when designing and coding apps. The second is keeping software and operating systems up to date with the latest updates and patches, so that known vulnerabilities for which patches exist cannot be exploited.
In addition to these two fundamental elements of application security, there is always a need to ensure the security of web applications running in production, especially against threats that are missed or not secured by network or system level security. The OWASP Top 10 Web Application Security Risks are a great example of risks that are typically not protected by network or system level security.
It’s important to remember to have a security framework that provides a defense-in-depth architecture. It may be time to take inspiration from the recent finalization of SP800-53 from the National Institute of Standards and Technology (NIST), which was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST) as additional security layers in the framework.
Change the way you protect your applications and learn about K2’s web application and application workload security solutions and evaluate K2’s effectiveness in detecting vulnerabilities and protecting your organization from attack.
Learn more about K2 today by requesting a demo or getting your free trial.
*** This is a syndicated blog from K2io’s Security Bloggers Network written by Timothy Chiu, VP of Marketing. Read the original post at: https://www.k2io.com/general-lack-of-improvement-in-web-application-security-during-covid/