
Stop Cyberattacks Before They Can Start

The key to halting attacks on corporate systems is to build rigorous security into the design of E-commerce applications rather than bolt it on afterward.

Corporate systems are increasingly at risk of cyberattacks that target particular vulnerabilities in E-commerce applications, be they commercial or custom-developed software. Many of these security holes stem from the way the applications are designed, according to a new study by security consulting firm @stake Inc. The firm was asked by clients in the financial, telecommunications, software, energy, and electronics industries to review their enterprise applications and assess their security vulnerabilities.

Corporate perimeters are rapidly dissolving and Internet-facing applications are proliferating, says Andrew Jaquith, @stake program director and an author of the study, which was conducted over the past year and a half. E-commerce applications are driving business innovation and companies are increasingly relying on these systems to carry out trading activities within and between corporate boundaries. The need for rigorous application security is of the utmost importance, Jaquith says.

The firm identified nine common classes of security flaws, including inadequate access controls and authentication features built into applications; lack of user session security; and an overreliance by programmers on client-side validation to establish trust between two entities communicating over the Internet. Validation that runs in the user's browser is under the user's control, so it can be skipped or altered and offers the server no assurance about what it receives.

So what's the solution? Jaquith notes that software developers must embrace more rigorous software engineering and security design practices. This includes placing emphasis on authentication and authorization methods early in the design phase; implementing mechanisms to validate user input; encrypting sessions end to end; and following safe data-handling practices. Many developers have a habit of implementing administrative back-doors in applications to let them gain access to the application once it's been deployed, a practice that Jaquith says must stop. In addition, developers must implement quality-assurance checks to ensure an application is safe from breaches once it's been deployed.
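To make the client-side trust problem and the recommended fixes concrete, here is an added example, not code from the @stake study or from InformationWeek. It contrasts a checkout handler that records whatever the browser's form check passed along with one that re-derives the order owner from the server-side session, validates the inputs strictly, and recomputes the total from a server-owned price list. The catalogue, the session records, and the request payloads are constructed stand-ins for a real application's database, session layer, and HTTP parsing.

```python
"""Server-side validation and authorization for an e-commerce checkout.

Added example, not from the @stake study or InformationWeek. CATALOG, the
session dicts and the form dicts are constructed stand-ins for a real
application's database, session store and parsed HTTP request.
"""
import re
from dataclasses import dataclass

# Constructed catalogue: prices in cents. The server, not the browser, owns these.
CATALOG = {"sku-100": 1999, "sku-200": 4999}
MAX_QTY = 10
SKU_RE = re.compile(r"^sku-\d{3}$")


class OrderError(ValueError):
    """Raised when a request fails server-side validation or authorization."""


@dataclass(frozen=True)
class Order:
    user_id: str
    sku: str
    qty: int
    total_cents: int


def vulnerable_checkout(form: dict) -> Order:
    """Trusts the browser: a JavaScript form check 'already validated' the
    fields and computed the total, so the server just records what it is sent.
    Anyone with an intercepting proxy can resend the POST with total=1 or
    with another customer's user_id."""
    return Order(
        user_id=form["user_id"],
        sku=form["sku"],
        qty=int(form["qty"]),
        total_cents=int(form["total"]),
    )


def hardened_checkout(form: dict, session: dict) -> Order:
    """Re-derives every security-relevant value on the server.

    `session` is the server-side record looked up from the session cookie
    (a constructed dict here); the client never supplies user_id directly.
    """
    # 1. Authorization: the order belongs to whoever the server-side session
    #    says is logged in. Any user_id field in the form is ignored outright.
    user_id = session.get("user_id")
    if not session.get("authenticated") or not user_id:
        raise OrderError("no authenticated session")

    # 2. Input validation: strict syntax checks before any lookup, so that
    #    quoted strings, negative numbers or huge values never reach the DB.
    sku = form.get("sku", "")
    if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
        raise OrderError("malformed sku")
    if sku not in CATALOG:
        raise OrderError("unknown sku")

    qty_raw = form.get("qty", "")
    if not isinstance(qty_raw, str) or not qty_raw.isdigit():
        raise OrderError("quantity must be a positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise OrderError("quantity out of range")

    # 3. Never accept a client-computed price or total; recompute it from the
    #    catalogue the server controls.
    total = CATALOG[sku] * qty
    return Order(user_id=user_id, sku=sku, qty=qty, total_cents=total)


def is_rejected(form: dict, session: dict) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        hardened_checkout(form, session)
    except OrderError:
        return True
    return False


def demo():
    """A replayed POST with a 1-cent total and a forged user_id: the vulnerable
    handler books it as sent, the hardened one books the real price to the
    logged-in user. Returns both orders."""
    # Constructed attacker request and constructed server-side session record.
    tampered = {"user_id": "victim", "sku": "sku-200", "qty": "3", "total": "1"}
    session = {"authenticated": True, "user_id": "attacker"}
    return vulnerable_checkout(tampered), hardened_checkout(tampered, session)


if __name__ == "__main__":
    accepted, corrected = demo()
    print("vulnerable handler booked:", accepted)
    print("hardened handler booked:  ", corrected)
```

The design point is that the hardened handler never asks "did the client validate this?" but instead treats the form as untrusted bytes: identity comes from the session, prices come from the catalogue, and every field is parsed against a strict grammar before it is used. The same handler also rejects unauthenticated sessions, unknown or malformed SKUs, and out-of-range quantities, which is the server-side counterpart of the client-side checks the study warns against relying on.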
