CISO MAG - Free Issues Endpoint Security Powerlist | Page 8

KNOWLEDGE HUB

Volume 3, Issue 10

For the modern business, application security is an essential concern. Every company uses a variety of web, software, and mobile applications in order to serve customers and execute internal functions. Unfortunately, far too many of these applications are subject to critical vulnerabilities as a result of insecure coding practices, flaws in third-party libraries, and changes in the cybersecurity threat landscape.

The effects of web application vulnerabilities have been tumultuous and widespread. We’ve seen huge global corporations fall victim to a single vulnerability with disastrous results.

Equifax remains the poster child for application security awareness. The original September 2017 breach occurred when a vulnerability in the Apache Struts tool (used by numerous corporations and government organizations) was exploited by hackers. By the time the breach was discovered, the personal data of 143 million Equifax customers had been accessed. A settlement with state and federal investigations could ultimately cost the company as much as $700 million. Meanwhile, more than 200,000 people have already signed a petition against the deal, demanding that Equifax face stronger accountability.

Equifax is not the only company to fall victim to a web application vulnerability. The list of victims crosses a wide array of industries including tech, financial and education, among others, with names like Facebook, Capital One and Georgia Tech making headlines for large-scale breaches.

If incidents like this can happen at this level, all businesses should be aware that they too could become victims of an application breach. The warning signs are all there. Research shows that 71 percent of applications in production contain at least one high-severity application flaw, with the average number of high-severity flaws in production applications being five.
With numerous glaring vulnerabilities, it’s no wonder that web applications remain the primary target for attackers. So what can be done to protect businesses from falling victim to web application breaches?

Perhaps a new path forward is needed. Current solutions for keeping applications secure have been developed by the

CISO MAG | November 2019