Stop Cyberattacks Before They Can Start

The key to halting attacks on corporate systems is to put rigorous security measures in place for designing E-commerce applications.

Corporate systems are increasingly at risk of cyberattacks that target particular vulnerabilities in E-commerce applications, be they commercial or custom-developed software. Many of these security holes stem from the way the applications are designed, according to a new study by security consulting firm @stake Inc. The firm was asked by clients in the financial, telecommunications, software, energy, and electronics industries to review their enterprise applications and assess their security vulnerabilities.

Corporate perimeters are rapidly dissolving and Internet-facing applications are proliferating, says Andrew Jaquith, @stake program director and an author of the study, which was conducted over the past year and a half. E-commerce applications are driving business innovation and companies are increasingly relying on these systems to carry out trading activities within and between corporate boundaries. The need for rigorous application security is of the utmost importance, Jaquith says.

The firm identified nine common classes of security flaws, including inadequate access controls and authentication features built into applications; lack of user session security; and an overreliance by programmers on client-side validation to establish trust between two entities communicating over the Internet.

So what's the solution? Jaquith notes that software developers must embrace more rigorous software engineering and security design practices. This includes emphasizing authentication and authorization methods early in the design phase; implementing server-side mechanisms to validate user input; encrypting sessions end to end; and adopting safe data-handling practices. Many developers habitually build administrative backdoors into applications so they can get back in once the application has been deployed, a practice that Jaquith says must stop. In addition, developers must implement quality-assurance checks to ensure an application is safe from breaches once it has been deployed.
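The overreliance on client-side validation that the study calls out, shown as an added example (not code from the article or from @stake): a Python order handler that trusts the browser form's checks, beside one that re-establishes trust on the server. The catalogue, SKUs and request dictionaries are constructed sample data.

```python
# Added example (not code from the article or the @stake study): an e-commerce
# order handler that relies on client-side validation, beside one that
# re-validates on the server. Catalogue and requests are constructed samples.

# Server-side source of truth: SKU -> unit price in cents.
CATALOGUE = {"sku-100": 2500, "sku-200": 999}

# Constructed requests as the server would receive them after form submission.
GOOD_REQUEST = {"sku": "sku-100", "qty": "3", "price": "2500"}
TAMPERED_PRICE = {"sku": "sku-100", "qty": "3", "price": "1"}     # price altered in transit
TAMPERED_QTY = {"sku": "sku-100", "qty": "-3", "price": "2500"}   # negative quantity


def order_total_trusting_client(request):
    """Vulnerable pattern: assumes the browser-side form already validated
    the fields, so quantity and price are used exactly as sent."""
    return int(request["qty"]) * int(request["price"])


def order_total_validated(request, catalogue=CATALOGUE):
    """Hardened pattern: the server re-derives trust from its own data and
    enforces the constraints the client form only claims to enforce.
    Returns ("ok", total_cents) or ("rejected", reason)."""
    sku = request.get("sku")
    if sku not in catalogue:
        return ("rejected", "unknown sku")
    try:
        qty = int(request.get("qty", ""))
    except ValueError:
        return ("rejected", "quantity is not an integer")
    if not 1 <= qty <= 100:
        return ("rejected", "quantity out of range")
    # The client-supplied price is ignored; the catalogue decides.
    return ("ok", qty * catalogue[sku])


if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("tampered price", TAMPERED_PRICE),
                      ("tampered qty", TAMPERED_QTY)]:
        print(name, "| trusting:", order_total_trusting_client(req),
              "| validated:", order_total_validated(req))
```

The trusting handler quietly accepts a 3-cent order and a negative total, while the validated one charges the catalogue price and rejects the bad quantity.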
