An ESG report on Modern Application Development Security, released in August 2020, found that 60 percent of organizations had experienced an attack exploiting an OWASP Top 10 vulnerability in the prior 12 months. Those attacks occurred at the same time that organizations were increasing their investment in application security programs.
The gap between these two findings shows that most organizations still need to improve their application security posture. That need is all the more pressing because the same report found many organizations knowingly ship code with known vulnerabilities, which means vulnerable code is running in production in many organizations today.
Take a Page from NIST to Improve Application Security
There are a number of simple measures an organization can take to improve its web application security posture. The first starts at the very beginning of application development: making sure developers take security into consideration when designing and coding applications. The second is keeping software and operating systems up to date with the latest updates and patches, so that known vulnerabilities for which a fix already exists cannot be exploited.
Beyond these two fundamentals, web applications running in production still need protection against threats that are either missed by, or simply outside the scope of, network- and system-level security. The OWASP Top 10 Web Application Security Risks are a good example: an injection or broken-access-control attack arrives as a perfectly well-formed HTTP request, so a firewall or host hardening has nothing to reject, and the defense has to live in the application layer itself.
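To make the two points above concrete (writing security into the code, and why a network device cannot do it for you), here is an added example that is not code from the original page or from K2. It uses Python's standard sqlite3 module with a constructed in-memory table; the function names, the sample rows and the tautology payload are all assumptions made for the demo. The vulnerable lookup pastes the caller's input into the SQL text, so a payload that is just an ordinary string at the HTTP layer changes the query's structure and returns every row; the parameterized version treats the same string as data and returns nothing.

```python
import sqlite3

# Constructed sample data for a self-contained demo (not from the original page).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# A classic tautology payload; constructed for the demo. To a firewall or host
# this is just bytes in a request body, which is why the fix belongs in the code.
INJECTION_PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable (OWASP Injection): the input is interpolated into
    the SQL text, so a quote character in `username` rewrites the WHERE clause."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: a parameterized query keeps the input as a bound value,
    never as part of the SQL statement."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a benign name and with the injection payload and
    return the row counts, so the difference between the two forms is explicit."""
    conn = make_db()
    return {
        "vulnerable_benign": len(lookup_user_vulnerable(conn, "alice")),
        "vulnerable_payload": len(lookup_user_vulnerable(conn, INJECTION_PAYLOAD)),
        "safe_benign": len(lookup_user_safe(conn, "alice")),
        "safe_payload": len(lookup_user_safe(conn, INJECTION_PAYLOAD)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

Running the block prints one row for the benign name in both versions, three rows (the whole table) for the payload against the vulnerable lookup, and zero rows for the payload against the parameterized one. The same request body reaches both functions unchanged; only the code decides whether it is data or SQL.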
It is important to build on a security framework that provides a defense-in-depth architecture. A useful hint comes from the National Institute of Standards and Technology (NIST), whose SP 800-53 Revision 5 was finalized on September 23, 2020. The updated security and privacy controls catalog adds Interactive Application Security Testing (control enhancement SA-11(9)) and Runtime Application Self-Protection (control enhancement SI-7(17)) as selectable layers of application-level protection, recognizing that testing the running application and defending it from inside the process both belong in a layered program alongside secure development and patching.
Change how you protect your applications, and check out K2’s web application and application workload security solutions and evaluate K2’s effectiveness at detecting vulnerabilities and protecting your organization from attacks.