SecurityWeek

More Than Half of Companies Addressing Risks of Web 2.0

Fifty-six percent of companies that have deployed interactive Web 2.0 applications have taken steps to prevent hacking, and the other 46 percent should, according to a new report released yesterday by InformationWeek Analytics. To make its point, the research firm deployed a sample Web 2.0 employee management application on its web site. The report’s author, TiVo security director Adam Ely, easily hacked it.

“The ease with which the author was able to penetrate our sample Web 2.0 employee management application is possible because developers of Web apps often forget to protect against legitimate users,” says Lorna Garey, content director of InformationWeek Analytics.

Key findings in the report:

• Application-layer firewalls are the number one protection technology in place today, but Web application scanning and source code auditing are on the horizon for 25 percent of the respondents.

• 61 percent of respondents have a standard set of libraries in place to secure common functions, such as database calls and input validation.

• Despite the promise of tokenization to secure data, 50 percent say they have no plans for its use.

• 64 percent see privacy breaches as the top threats associated with their organizations’ Web 2.0 applications.

The report also reveals that in the world of Web 2.0, Java and .NET are in a dead heat as the language of choice for Web 2.0 developers, garnering 55 percent and 54 percent respectively. Perl is last, at 2 percent.
