Will Insecure Web Applications Dominate 2016’s News?


Ilia Kolochenko, CEO of High-Tech Bridge, comments on the recent story about Citrix’s CMS being hacked, which he believes should focus more on the insecurity of web applications than on the Russian hacker angle.

Ilia Kolochenko, CEO of High-Tech Bridge:

“In 2012, High-Tech Bridge and Frost & Sullivan released a White Paper saying 4/5 network intrusions start directly, or involve, insecure or outdated corporate web applications. However, since then, not many companies changed web application security priority in their risk strategies.

People prefer to spend on mysterious APTs and other highly exaggerated threats, leaving main doors to their companies (web apps) open to everyone. We need to understand that a modern web application is not just a website, but a direct access to internal and highly sensitive infrastructure.

The Citrix compromise is not even about weak passwords, it’s about the catastrophic level of web security in general. Such a business-critical web application shall never be accessible from the outside without IP filtering and Two Factor Authentication. I don’t even speak about proper privilege segregation and access control within the application.

We need to wake up, otherwise while we are spending millions on wrong threats, hackers will steal everything we have via forgotten web applications.”

Ilia feels so strongly about web application reliability and compliance that his company has launched a free SSL/TLS security testing service and API for users to test their web and email servers against best practice protocols.

High-Tech Bridge has also recently implemented a Live SSL Security World Map, which shows the state of security of recently tested SSL/TLS servers located all over the world.

About Dr. Muhammad Malik
Co-Founder and Editor-in-Chief, Information Security Buzz

Dr. Muhammad Malik is a renowned security evangelist with a record of achievement improving the security posture of organizations through proven leadership in information security marketing, strategy, architecture and innovation for industry leaders IBM, EDS, HP, KPMG and Optus. Recipient of a PhD in Computer Science and Engineering from UNSW, Australia as well as a Graduate Diploma in Management from AGSM, Australia with numerous technical certifications in Security: CISSP, CISM and CISA.
