• Web applications are the most targeted, and they are open to attack 24/7
• Web applications are complex, and hence raise more security concerns
• No one sees the big picture in terms of security
Security:
• Virtual patching is a good remediation
• There are still SQLi vulnerabilities
• The ultimate forensics tool
• The only way to know if someone is trying to hack you or has already hacked you
• A WAF sees the big security picture, while apps are not designed for security
• Bots are a challenge to any web site owner; a WAF can deal with bots
New technology
• New environment: Cloud technology takes us back to the old days of unsecured web sites, with the same problems, just a little more sophisticated.
• New protocols: WebSocket is an underlying protocol that enables implementations for various uses, each of which has to take care of the same old attack vectors: session management, scrubbing user input and more.
• There are more challenges to the application than ever: scraping, DoS-ing bots and many more business problems with a security orientation that should be detected and mitigated.
And there is more…