Preethy Soman, IBM Market Segment Manager:
“Every morsel of data that’s less than ‘fully secure’ is an opportunity for hackers to execute potential data breaches. Consumer data, sensitive business information, monetary transactions and business reputation: they’re all at stake. While it is important to stay focused on finding existing security vulnerabilities, it’s even more important to ensure that your web applications leverage best security practices to find vulnerabilities very early in the Software Development Life Cycle (SDLC), drastically reducing the probability of potential data breaches or threats.
Here are some best practices to improve your web application security program:
1) Ensure you have a strong application security program in place.
Underestimating the importance of web app security is a ticking time bomb. A single web app vulnerability can lead to a monumental data breach that can shake even the largest of businesses down to its foundation, possibly causing negative publicity, hefty financial penalties, and the loss of public trust. Investing in the security of web apps by adopting industry-recognized app development best practices, like the OWASP Top 10, and using web app vulnerability testing tools, like IBM Security AppScan, is an essential practice. AppScan has extensive reporting capabilities and comes with a variety of industry-standard web app vulnerability report types, which can be used to provide evidence and peace of mind that a web app has been developed with security in mind.
2) Find and fix vulnerabilities early in the SDLC.
Knowing which vulnerabilities to focus on is just as important as knowing about the vulnerability in the first place. The instant a web app is made available online, it becomes a target of a cyberattack. IBM Security AppScan is a leading application security testing suite that’s designed to help manage vulnerability testing throughout the SDLC. IBM Security AppScan automates vulnerability assessments and scans and tests for all common web app vulnerabilities, including SQL injection, cross-site scripting (XSS), buffer overflow, and new Flash/Flex app and Web 2.0 exposure scans. You can consult our recent blog to learn more about increasing application security testing coverage with cognitive computing.
3) Know your apps and prioritize them.
It’s quite surprising that most organizations are still unaware of the number of web applications they have or where they reside. Hacking web applications is easier than you think, hence it’s important to identify and prioritize your organization’s apps according to their significance and test them for vulnerabilities. IBM Application Security on Cloud, offered by the company I currently work for, helps secure your organization's Web and mobile applications, by detecting dozens of today's most pervasive published security vulnerabilities. IBM Application Security on Cloud helps to eliminate vulnerabilities from applications before they’re placed into production and deployed. Convenient, detailed reporting permits you to effectively address application security risk, enabling your application users to benefit from a more secure experience.
We also encourage you to learn more about what’s new in IBM Security Application Security Testing for mobile and web applications, by visiting our blog link above.”
Any information IBM provides is not legal advice.
This question originally appeared on Quora.