How safe are your apps?

Posted on October 30, 2012 by Tim Burke

A recent report by Forrester Consulting suggests your web applications may be far more vulnerable than you think. According to Forrester, 51% of the 240 North American and European companies surveyed experienced at least one application security incident since the beginning of 2011. And 18% of those suffered losses of at least $500,000. For 8% of those surveyed, losses topped $1 million.

The report’s executive summary points to several key findings, each of which should cause you to start asking some basic questions about your own application security:

- Application security incidents are common and have severe consequences.
- Many organizations still struggle with the most basic security flaws.
- Most organizations do not have a holistic or strategic approach to application security.
- Application development and security teams and goals are often not aligned for optimized results.

Besides bringing security awareness to application development, you can also:

- Demand secure software and services from all providers.
- Do penetration testing on all third-party code to check for common security vulnerabilities, such as cross-site scripting, code injection, and buffer overflows.
- Disable applications’ default accounts, passwords, and administrative data.
- Customize your application security methodology and accountability structure to your IT environment so you can sustain preventive and strategic security measures like threat modeling, secure design, and code-level analysis throughout your application lifecycle.
- Push awareness of the need for better application security.

In addition, find a competent services provider with experience in conducting application security scans. This sort of scan will identify potential security threats and give you tools that enable you to tighten your defenses against intrusions. A well-done scan will reduce data loss and downtime and improve productivity. And since an application security scan helps protect you from breaches, it can boost your compliance management program, too.

The right provider will gladly scan one of your apps at no charge to help identify any security gaps and vulnerabilities and then review the resulting report with you, going over any vulnerabilities that may be evident. If your business is like those surveyed by Forrester, you could well save some big bucks and untold hassle.