Vulnerability assessment integration with web application firewalls
Only a few years ago, experts warned of the precarious state of website security, stating that it was only a matter of time before malicious attacks escalated if we did nothing. Some listened, most didn’t, time marched on, and now the grace period is over. Daily headlines are now a ticker tape of breaches. 7-11, Hannaford, Heartland, the U.S. Army, Twitter, Apple, the New York Times, the University of California, Berkeley, and thousands of other prominent and lesser-known organizations have had their insecure web application code targeted in serious attacks. According to Websense, “70 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.”
Even for the most proactive organizations, finding and fixing flaws in website code is complex, time- and resource-intensive, and not immune to the accidental introduction of new risks. IT security often has difficulty convincing software development groups that feature enhancements or operational bug fixes should be disrupted to address security issues that may not yet have caused an incident. Additionally, for organizations that have outsourced part or all of their custom development efforts, fixing the code might mean rehiring, or attempting to rehire, consultants who have long since moved on.