Web App Security

Web App Security Concerns

Many business owners have moved their main business applications to web-based versions.  Web-based applications offer many advantages.  They have less hardware to support, higher system availability, and simple browser-based access from anywhere in the world.  It’s frequently pitched that these applications are also more secure.  A new study reveals that may not be the case.

The stats aren’t pretty

New research from the cybersecurity firm Positive Technologies indicates that almost half (48%) of web applications are vulnerable to unauthorized access, and 44% place users’ personal data at risk of theft.

This is a big problem for business owners who trust their SASS vendors claims on the reliability and security of their data.  Especially if your business needs to be compliant with HIPAA, PCI, or Sarbanes-Oxley.  It raises important questions that need to be answered about how secure web apps really are.

To further exacerbate the problem, 70% of the apps tested by Positive Technologies proved susceptible to leaks of critical information, and attacks on users were possible in 96% of them.  All the applications seemed to have similar security holes, and 17% of the apps tested allowed an attacker to take full control of the application.

Most of the errors (around 65%) are caused by poor security in application development, while the remaining third were caused by insecure web servers.

What business owners should look for

Business owners need to be vigilant in talking to potential SASS providers about the security they have built into the system.  Not only for secure authentication, but ask if best practices for application security were followed when developing their product.  Where possible you should ask them to provide documentation that their application has been tested by an impartial third party and is secure.

If business owners take these additional steps when vetting potential SASS vendors it will help them to separate the wheat from the chaff and make good decisions on how to protect their sensitive data.

For questions about these and all your security concerns feel free to reach out to our team of professionals at i.t.NOW for advice and strategies on how to keep your critical data secure.