Uncategorized60% of Organizations had an OWASP Top 10 Attack in the Last Year

Blog

May 3, 2021 Timothy Chiu, VP of Marketing
60% of Organizations had an OWASP Top 10 Attack in the Last Year

An ESG report on Modern Application Development Security released in August of 2020 found that 60 percent of organizations had experienced an attack on an OWASP Top 10 vulnerability in the prior 12 months.  The increase in attacks happened at the same time that organizations were increasing their investments in application security programs.

The dichotomy between these two findings supports the need for most organizations to improve their application security stance.  This need is especially important given many organizations were also found to ship code with known vulnerabilities, meaning vulnerable code is running in production in many organizations.

Take a Page from NIST to Improve Application Security

There are a number of simple measures an organization can take to improve their web application security stance.  First starts at the very beginning of application development, and that’s making sure developers take security into consideration when developing and coding applications.  Second, is making sure that software and operating systems are kept up to date, with the latest updates and patches to ensure known vulnerabilities that have patches are not exploited.

In addition to these two fundamental starts to application security, there’s still a need to ensure security for web applications running in production, especially against threats either missed or not typically secured by network or system level security.  The OWASP Top 10 Web Application Security Risks are a great example of risks that aren’t typically protected with network or system level security.

It is important to remember to have a security framework that offers a defense-in-depth architecture.  Maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020.  The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST) as added layers of security in the framework.

Change how you protect your applications, and check out K2’s web application and application workload security solutions and evaluate K2’s effectiveness at detecting vulnerabilities and protecting your organization from attacks.

Find out more about K2 today by requesting a demo, or get your free trial.

 

 

Share this

Leave a Reply

Your email address will not be published. Required fields are marked *

K2 CYBER SECURITY

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks including OWASP Top 10 and memory-based attacks, and provides additional vulnerability detection. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production servers to identify the location of the vulnerable code in real-time. K2’s solution generates almost no false alerts, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools including Web Application Firewalls, and dramatically reduces security cost. K2 Cyber Security is located in the USA, and provides cyber security solutions globally.

CONTACT INFO

K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131