Weak web security is a serious business risk. Data breaches cost U.S. companies an average of $5.4 million in 2013. To put it in a perspective that scales with your business, that’s an average of $194 per compromised record (2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013). How many customer records does your application have?
At Credera, one of the ways we help our clients is by working with them to craft web applications safely and expertly, with minimal vulnerabilities. We deliver this by coupling our experience building several Fortune 500 websites with industry best practices, such as the research done by the Open Web Application Security Project (OWASP).
Each year, OWASP publishes a top 10 list of security threats to web applications. This year’s list includes the following:
10. Unvalidated Redirects and Forwards
9. Using Components With Known Vulnerabilities
8. Cross-Site Request Forgery (CSRF)
7. Missing Function Level Access Control
4. Insecure Direct Object References
3. Cross-Site Scripting (XSS)
2. Broken Authentication and Session Management
Drum roll, please…
And the number one web application vulnerability is…
In the coming weeks we’ll look at each item on the list in detail by helping to define and simplify the problem, discussing common solutions, and sharing some of the ways we help our clients go above and beyond in integrating these approaches into their Software Development Life Cycle.
Look forward to the OWASP Top 10!
Be sure to follow us on Twitter or LinkedIn for more great tips. Have a question related to the blog series or web security in general? Use the comments section below to join the conversation.