The Silicon Review - Best Business Review Magazine 10 Best Security Companies 2019 | Page 34
Modern Web Applications and Their
The recent years have
witnessed a constant increase
in the number of security
breaches. News regarding such
activities is non-stop, and therefore,
organizations need to realize that
they have to fundamentally rethink
their approach to protect their
applications and data. It has been
found that a significant number
of the security issues have come
from a new generation of attacks
that specifically target application
programming interfaces, which
have resulted in infringements at
firms like Panera Bread, T-Mobile,
Verizon, etc. In addition to that,
even Google and the United States
Postal Service (USPS) have been
known to show some major API
vulnerabilities.
What’s particularly alarming is
that breaches of these sorts are
hard to detect; sometimes they go
undetected for months and even
years despite the fact
that organizations have deployed
advanced security systems and
practices that are meant to
safeguard them. The problem lies
in the dependence of organizations
on security approaches that used
to work in many environments
earlier. But times have changed
now. The situations that existed
before are fundamentally different
from the ones that are prevalent
in organizations now. Therefore,
a new security perspective is
necessary. Firms can opt for
modern SaaS, mobile, web, microservices
and IoT applications that
offer a wide range of assets and
security levels for different areas.
APRIL 2019
Applications Tend To Evolve With Time
In earlier times, the applications
and data that had to be secured
were very simple when compared
to the present day applications.
Back then, basic and simple
security solutions did the job of
keeping hackers at bay while also
offering broad and unmonitored
access to authorized users. The
major components of defense were
typical web application firewalls
(WAFs) focused on perimeter
protection and guarding against
known or predictable attacks, and
that kept away most of the hackers
in search of undefended targets.
But, with time, the way in which
modern applications are built and
deployed has evolved so that they
can function effectively in both
small and large organizations. Even
application programming interfaces
have multiplied across application
environments to enable greater
access to a much broader range
of users. At the same time, the
quantity and sensitivity levels of
the data generated and transmitted
by applications have proliferated.
Today, complicated tasks can be
performed using just a laptop
and mobile devices with web
browsers. This means that processes
that used to be handled on the
server side behind the firewall have
shifted to the client side, making it
more complex than ever.
Increasing Complexity in Applications Increases Opportunities for Hackers
Gradually, hackers have found
new ways to use the complexity
and uniqueness of present
day application structures to
their advantage. And as every
organisation and application
has a unique vulnerability, this
generation of security breaches
can’t be identified by a signature.
Moreover, it’s very tough for
developers to think in the exact
dubious ways that an attacker does,
as the expertise of a developer only
centres on functionality and not
security.
Therefore, instead of expecting
sound development practices
aimed at nullifying security threats,
protecting the modern environment
with a proactive ‘monitor and
respond’ approach holds paramount
importance. It’s completely
unreasonable to have an approach
that only focuses on secure
perimeters and access controls.
The APIs that form the core
of today’s applications are as
complicated and one of a kind as
the environments to which they
connect, and their unique logic is
where hackers find vulnerabilities
and take advantage. So an effective