KNOWLEDGE HUB
Volume 3, Issue 10

For the modern business, application security is an essential concern. Every company uses a variety of web, software, and mobile applications in order to serve customers and execute internal functions. Unfortunately, far too many of these applications are subject to critical vulnerabilities as a result of insecure coding practices, flaws in third-party libraries, and changes in the cybersecurity threat landscape.

The effects of web application vulnerabilities have been tumultuous and widespread. We’ve seen huge global corporations fall victim to a single vulnerability with disastrous results. Equifax remains the poster child for application security awareness. The original September 2017 breach occurred when a vulnerability in the Apache Struts tool (used by numerous corporations and government organizations) was exploited by hackers. By the time the breach was discovered, the personal data of 143 million Equifax customers had been accessed. A settlement with state and federal investigations could ultimately cost the company as much as $700 million. Meanwhile, more than 200,000 people have already signed a petition against the deal demanding Equifax face stronger accountability.

Equifax is not the only company to fall victim to a web application vulnerability. The list of victims crosses a wide array of industries including tech, financial and education, among others, with names like Facebook, Capital One and Georgia Tech making headlines for large-scale breaches.

If incidents like this can happen at this level, all businesses should be aware that they too could become victims of an application breach. The warning signs are all there. Research shows that 71 percent of applications in production contain at least one high-severity application flaw, with the average number of high-severity flaws in production applications being five. With numerous glaring vulnerabilities, it’s no wonder that web applications remain the primary target for attackers.

So what can be done to protect businesses from falling victim to web application breaches? Perhaps a new path forward is needed. Current solutions for keeping applications secure have been developed by the
CISO MAG | November 2019