Recent reports have shown applications are making it to production with more vulnerabilities than ever, and attacks on web applications have doubled in the most recent year. It's really time to change how we think about application security, how we protect our applications, and how we detect attacks.
HomeAuthorTimothy Chiu, VP of Marketing, Author at K2io
If you're looking for more information on the latest update to the NIST (National Institute of Standards and Technologies) Security and Privacy Framework outlined in SP800-53, there's a new article just published in the Cutter Business Technology Journal detailing the changes, the timing and an explanation of the new technologies (RASP and IAST) added to the framework.
A Ponemon study released in 2019 showed that satisfaction with WAFs (Web Application Firewalls) is at 40 percent, and effectiveness of WAFs rated at only 43 percent.
The final numbers for reported vulnerabilities in 2020 are published. We covered the news when the number of vulnerabilities recorded hit a record for the fourth year in a row. The US-CERT Vulnerability Database keeps track of new vulnerabilities in production code as they are discovered and assigns each unique vulnerability with a "CVE" number.
If you're new to web application security and you're looking for a primer to get yourself educated, there's a recent article published by the EC Council that covers the basics of what web applications are, why web application security is important.
Back in June of 2020 we wrote about Forrester's new 2020 State of Application Security report. Back then we focused on the finding that application vulnerabilities were the weakest link in application security. In this post, we'll talk about the finding that 35% of all external attacks on organizations occurred through a web application,
Analytics Insight ran a recent article on the "Ten ways to ensure web application security," a good reminder that there are many steps an organization can take to ensure security for their web applications in the face of larger numbers of attacks and increasingly sophisticated attacks
As we approach the new year, many of us are hoping for a new normal in 2021, at least something not so crazy as 2020 has been. Traditionally the new year has also meant a time of reflection, and a time to make resolutions for the new year. Here at K2, we'd like to help you with your new year's resolutions, specifically those that revolve around web application security.
On December 15, 2020 we just hit another milestone with the number of vulnerabilities recorded in the US CERT Vulnerability Database (so far in 2020) exceeding the total count in 2019, marking a fourth record year of vulnerabilities discovered in production code.
During the 2020 COVID-19 pandemic, we've seen organizations increase their use of the cloud, partly to accommodate the increase in employees working from home, and partly as the increase they had already been planning on in their move to the cloud. While companies have been increasing their use of the public cloud, security hasn't necessarily been keeping up, as we've seen significant breaches and attacks on applications hosted in the public cloud due to misconfiguration as well as vulnerabilities.