Industry Overview
Why is there such an increasing focus on web application security?
Regulation
There is an increasing tide of regulation regarding the protection of confidential data. Sarbanes-Oxley mandates security for financial transactions. Gramm-Leach-Bliley mandates safeguards for consumer financial information. California SB1386 requires notification of data loss in California; failure to do so can result in criminal prosecution. More than 20 states are considering similar regulation. The FDIC has ruled that banks must inform customers of data loss.
Fines
Visa and MasterCard are imposing significant fines on companies that lose customer data.
Reputation
Large corporations spend tens of millions of dollars to enhance the value of their brands. The public fascination with news stories about identity theft has resulted in an avalanche of damaging stories every time there is an incident. A Google search for “Ralph Lauren” “Identity Theft,” for example, yields 12,500 results.
Increasingly Capable Hackers
According to John Pescatore of Gartner Group, "...close to 80% of today's attacks are tunneling through Web Applications." Hackers are becoming increasingly aware of the opportunities to steal customer data. According to Robert Richardson, CSI's editorial director, “The crooks are shifting their focus [to stealing the personal information of individuals], that's where the money is.” The Computer Crime and Security Survey, conducted by the Computer Security Institute and the FBI, found that 95% of respondents had experienced more than 10 Web-site incidents during 2004, up from 5% in 2003.
Why are web application security vulnerabilities so widespread?
By default, web applications are an open pipe to any databases they connect to. In the absence of filters that constrain database access, hackers can easily read, modify and destroy confidential data. Development teams must proactively write secure application code that validates and regulates every customer input, or their applications will be vulnerable.
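The "open pipe" described above can be made concrete with a small added example (written for this page, not code from the original document or from any vendor it mentions). It uses Python's standard sqlite3 module and a constructed in-memory table of users. The first lookup splices the customer's input straight into the SQL text, so the input can change the meaning of the query; the second binds the input as a parameter, so the database engine treats it strictly as data; the third adds an input-format check in front of the parameterized query. The table contents, the function names and the username pattern are all assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration; not real customer records.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Assumed allow-list for usernames: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unfiltered(conn, username):
    """The 'open pipe': customer input is concatenated into the SQL text.

    Anything the customer types becomes part of the query, so the input can
    alter which rows the database returns (or what else it does).
    """
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the input is bound as a value, never as query text.

    The query structure is fixed by the developer; the engine compares the
    bound string against the column and cannot reinterpret it as SQL.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_validated(conn, username):
    """Defense in depth: reject inputs that do not look like a username,
    then run the parameterized query for those that pass."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username does not match the allowed pattern")
    return lookup_parameterized(conn, username)


def demo():
    """Run the same malformed input through both lookups and report row counts."""
    conn = make_db()
    # The classic textbook input: a quote that closes the literal, then a
    # tautology.  With concatenation it matches every row; bound as a
    # parameter it matches none, because no username equals this string.
    malformed = "x' OR '1'='1"
    return {
        "unfiltered": len(lookup_unfiltered(conn, malformed)),
        "parameterized": len(lookup_parameterized(conn, malformed)),
    }


if __name__ == "__main__":
    print(demo())
```

Running the block shows the unfiltered lookup returning all three sample rows for an input that names no real user, while the parameterized lookup returns none. The validation step is the "filter" the paragraph calls for: it narrows what reaches the database at all, but it supplements rather than replaces parameter binding, since an allow-list that is later loosened (say, to permit an apostrophe in a surname) must not reopen the pipe.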