Web Application Security Trends

When 90% of security spend goes to the network layer but 70% of the threats target the Web application layer, there is a disconnect between real security and compliance-based security solutions.

Web applications are the Achilles' heel of corporate IT security, and attacks against them continue to escalate worldwide. The truth is that the Web presentation layer of your application is the front door to your corporate data; if it is only casually secured, your data is at risk. Malicious users can apply a variety of commoditized techniques that exploit vulnerabilities such as cross-site scripting, SQL injection, and broken session management to probe your application in unintended ways, learn your underlying data structure, and even pull down entire databases.

These risks are exacerbated by advanced Web coding techniques such as AJAX, which provide an enhanced user experience but push more application logic to insecure endpoints (JavaScript running in the user's browser) and require many more exposed interfaces. Every one of these interfaces is an entry point into your application logic and can be used to get at your data.

Combined with the complexity of the many compliance requirements, such as PCI, HIPAA, Sarbanes-Oxley, and GLBA/FFIEC, Web application security is a difficult proposition to address. It is not unusual for a compliant organization to be attacked and suffer a significant data breach. Real-time protection that detects attackers and gathers intelligence about them is far more valuable than simple compliance.

The current approaches to defending against Web application attacks on the market today are:

  1. Scan the production application to identify vulnerabilities
  2. Scan the source code to identify vulnerabilities
  3. Reconfigure the Web Application Firewall to paper over vulnerabilities

The problem is that none of these approaches offers real-time security or helps you gain intelligence about the attacks against your Web applications. Only Mykonos is concerned with building Web applications on a secure-by-default framework that is dynamically updated with new security features in real time. And only the Mykonos Security Appliance is capable of identifying hacker attacks, gaining real-time intelligence about them, and responding with counter-measures.

Mykonos. Where Code-Level Web Application Security is Gaining Intelligence.