Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

More Than Half of Companies Addressing Risks of Web 2.0

Fifty-six percent of companies that have deployed interactive Web 2.0 applications have taken steps to prevent hacking, and the other 46 percent should, according to a new report released yesterday by InformationWeek Analytics. To make its point, the research firm deployed a sample Web 2.0 employee management application on its web site. The report’s author, Tivo security director Adam Ely, easily hacked it.

Fifty-six percent of companies that have deployed interactive Web 2.0 applications have taken steps to prevent hacking, and the other 46 percent should, according to a new report released yesterday by InformationWeek Analytics. To make its point, the research firm deployed a sample Web 2.0 employee management application on its web site. The report’s author, Tivo security director Adam Ely, easily hacked it.

“The ease with which the author was able to penetrate our sample Web 2.0 employee management application is possible because developers of Web apps often forget to protect against legitimate users,” says Lorna Garey, content director of InformationWeek Analytics.

Key findings in the report:

• Application-layer firewalls are the number one protection technology in place today, but Web application scanning and source code auditing are on the horizon for 25 percent of the respondents.

• 61 percent of respondents have a standard set of libraries in place to secure common functions, such as database calls and input validation.

• Despite the promise of tokenization to secure data, 50% say they have no plans for its use.

• 64 percent see privacy breaches as the top threats associated with their organizations’ Web 2.0 applications.

The report also reveals that in the world of Web 2.0, Java and .NET are in a dead heat as the language of choice for Web 2.0 developers, garnering 55 percent and 54 percent respectively. Perl is last, at 2 percent.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.