Securing web applications and infrastructure

  • techUK techUK
    Tuesday13Jan 2015
    Reports

    This guidance aims to identify the vulnerabilities that are being detected by the security industry, explain the problems they cause and suggests ways of avoiding them.

Securing web applications and infrastructure

Web based applications are growing vastly in number. They are being developed extremely quickly and on multiple different platforms. On top of this, the level of skill required for their development is becoming less and less.

Web applications can provide significant benefit to consumers and businesses and as we move towards an Internet of Things and continue the development of better and faster mobile platforms, their importance will continue to grow.

Software engineers and industry in general have a responsibility to ensure that their products are developed in a manner that is as secure as possible. This is true even if software is simple or does not deliver a function that is safety critical, like the processing of personal data for example.

The level of cyber threat to UK business is significant. To quote the 2014 Information Security Breach Survey (published by BIS), some attacks caused more than £1 million of damage and 87% of small firms experienced a security breach last year, up 10%. 93% of large organisations had also been targeted.

However, the problem is that some of the vulnerabilities being exploited have existed for a significant period of time and are well understood by both criminals and developers. Potential solutions to them are widely available and easy to find.

This guidance aims to identify the vulnerabilities that are being detected most recently by the security industry, explain the problems they cause and suggests ways of avoiding them. No software is ever 100% secure and the level of security required does depend on the environment the application operates in. However, we suggest that there is a basic level of care needed to be taken when developing applications.

Securing web applications and infrastructure - A techUK... (pdf)

FROM SOCIAL MEDIA

Big questions on maintaining UK-EU free flows of data post-Brexit highlighted by @CharlotteHollo via @telebusiness https://t.co/djpf5SJbIB
Thrilled to have Thibaut Rouffineau @thibautR of Canonical speaking at #PayInnov17. Book your place now: https://t.co/vkzDepuP65
We're looking forward to the #IoT & #Data drinks reception with sponsor @Accenture on 27 April. For info visit: https://t.co/7aMnWvqFs6
Plenty of exciting data driven industry initiatives on display in our third #UnlockData breakout session… https://t.co/SEenRKveK0
Our second #UnlockData breakout on the value of emerging data technologies in payments, chaired by @ChannelSwimSuehttps://t.co/7jCPuET7N2
Our first #UnlockData breakout session focused on compliance with regulation - tech solutions @PaymentsUK https://t.co/wJ4oaiHIwu
.@neirajones shares her concerns about survey showing our audience don't feel prepared for GDPR https://t.co/VKCNZAPEJJ
.@Tier3huntsman discussing our options to #unlockdata. How does automation look in practice? https://t.co/Jvj6Kwg9VJ