Web applications are a common attack vector and many companies are keen to address this threat. Due to their nature, web applications are located in the extranet and can be exploited by malicious attackers from outside of your corporate network. I managed a project which reduced the risk of the company’s systems being compromised through application level flaws. It improved the security of internet facing applications by:
- Fixed over 30,000 application level flaws (e.g. cross-site scripting, SQL injection, etc) across 100+ applications.
- Introduced a new testing approach to build secure coding practices into the software development life cycle and to use static and dynamic scanning tools.
- Embedded continuous application testing capabilities.
- Helped raise awareness of application security issues within internal development teams and third parties.
- Prompted the decommissioning of legacy applications.
Image courtesy Danilo Rizzuti / FreeDigitalPhotos.net