IndigoCube has announced the availability of its Web Application Security Assessment (WASA) service, designed to identify specific vulnerabilities in websites and web-based applications, and then to provide pragmatic remediation actions to correct and avoid future occurrences of the detected vulnerabilities.
“Companies are increasing reliant on Web-based applications to succeed in today’s mobile, open economy, and yet these very applications constitute a critical weakness in their defences—one that’s being actively exploited by criminals,” says Godfrey Kutumela, head: security division at IndigoCube. “IndigoCube’s Web Application Security Assessment (WASA) is a highly effective solution—delivered as a service—to help companies identify their vulnerabilities.”
It’s a growing problem. Forty-two percent of all vulnerabilities can be traced to Web applications, and 90% of all cyber-attacks target Web applications. And the hackers are getting results: 95% of all data leaks are via the Web, and 75% of all successful attacks targeted the Web.
Although successful attacks are usually concealed to protect the company’s reputation, there have been many high-profile cases. In South Africa, the South African Police Services and the South African Post Office have been hacked before, and South Africans featured on the list of clients of the hacked Ashley Madison website for online dating service.
Kutumela says that concern about the security of Web applications has been growing in the corporate world as this type of application becomes more prevalent. CEOs of 43% of the Global Top 500 companies identified application security as an area of high concern.
“However, this concern has not translated into spending priorities, with only 10% of security spending dedicated to Web applications, with the remaining 90% continuing to be gobbled up by the corporate network,” Kutumela says. “This imbalance is something that needs to be rectified, and quickly.”
Web applications are typically developed at speed in response to rapidly changing market conditions, and functionality and user experience are invariably the focus – not security. They exist in a complex environment that prioritises interconnectivity, and they are always online. All of these factors make them especially vulnerable.
IndigoCube’s WASA approach is founded on its long experience and expertise in software development and design.
“Based on our intimate knowledge of how these applications work, we have created a unique approach that includes not only the latest tools but also an intelligent assessment of the application’s architecture and the business context in which it exists,” Kutumela points out. “We create the right threat models and then test against them, creating a test that is rigorous yet quick and cost-effective. At the end of the process, the client will have a clear understanding of what the vulnerabilities of their Web apps are. If required, of course we can then go on to help make the necessary fixes.”