Why does web application security continue to fail so dismally?
A recent survey of almost 600 IT professionals by the Ponemon Institute reveals that 98% of organisations have had their web applications compromised over the past 12 months. The majority (54%) of participants in the Cost of Web Application Attacks survey were from large organisations with more than 1,000 employees.
75% of our customers in this bracket tell us that they recognise the need for security enhancement, but few have provisioned budget for it. Why? Because most web applications have vulnerabilities, and re-developing and testing them is assumed to be a costly and time-consuming process... or so people think!
Unbeknownst to many, installing an in-line web application firewall, such as a Citrix NetScaler, is a highly effective and cost-efficient way to block the exploitation of known vulnerabilities with no re-development costs. The firewall sits in front of the application and inspects each request against attack signatures (for example, script tags or event handlers in a parameter), so a vulnerable application can be protected while its code is left untouched. One caveat a practitioner should keep in mind: this is a compensating control, often called virtual patching. Signature-based filtering can be bypassed by payloads the rule set does not recognise, so it buys time and reduces exposure rather than removing the underlying flaw, and the vulnerable code should still be fixed when the budget allows.
We’ve used this NetScaler fix in our own business and with hundreds of businesses across the UK, all of which have successfully mitigated the risks of an application with a cross-site scripting vulnerability in an environment where data security is paramount.
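To make the mechanism above concrete, here is an added example (not NetScaler code and not the code of the business described on this page) that simulates an in-line filter in front of an application with a reflected cross-site scripting flaw. The handler, the two-rule signature list and the sample requests are all constructed for illustration. It shows three things: the unprotected application reflects a script payload, the filter blocks that payload without any change to the application, and a payload outside the signature list slips through while the properly fixed handler (output encoding) neutralises it.

```python
"""Inline request filtering ("virtual patching") in front of a reflected-XSS
handler.  Added example; not NetScaler code and not the page author's code.
The handler, the signature list and the sample requests are all constructed."""
import html
import re
import urllib.parse

# Deliberately small signature set; a commercial WAF ships far more rules.
# Any signature list is incomplete, which is the caveat this example shows.
XSS_SIGNATURES = [
    re.compile(r"<\s*script\b", re.IGNORECASE),
    re.compile(r"javascript\s*:", re.IGNORECASE),
]


def vulnerable_handler(params):
    """Reflects a query parameter into HTML without encoding (reflected XSS)."""
    name = params.get("name", [""])[0]
    return f"<p>Hello {name}</p>"


def hardened_handler(params):
    """The real fix: output-encode untrusted data before it reaches the page."""
    name = params.get("name", [""])[0]
    return f"<p>Hello {html.escape(name)}</p>"


def waf_inspect(query_string):
    """Return the signature pattern that matched, or None.  Decodes the query
    string once, as an inline WAF does, so percent-encoded payloads are still
    inspected."""
    decoded = urllib.parse.unquote_plus(query_string)
    for sig in XSS_SIGNATURES:
        if sig.search(decoded):
            return sig.pattern
    return None


def serve(query_string, handler, waf=True):
    """Simulate a request passing through the inline filter to the application.
    Returns (status, body)."""
    if waf and waf_inspect(query_string):
        return 403, "Blocked by WAF"
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    return 200, handler(params)


# Constructed sample requests (not captured traffic).
BENIGN = "name=Alice"
SCRIPT_PAYLOAD = "name=%3Cscript%3Ealert(1)%3C/script%3E"
EVENT_HANDLER_PAYLOAD = "name=%3Csvg%20onload%3Dalert(1)%3E"


def run_demo():
    """Return the outcomes a practitioner should compare side by side."""
    return {
        "benign_passes": serve(BENIGN, vulnerable_handler),
        "unprotected_reflects": serve(SCRIPT_PAYLOAD, vulnerable_handler, waf=False),
        "waf_blocks_script": serve(SCRIPT_PAYLOAD, vulnerable_handler),
        "waf_misses_event_handler": serve(EVENT_HANDLER_PAYLOAD, vulnerable_handler),
        "fixed_code_neutralises": serve(EVENT_HANDLER_PAYLOAD, hardened_handler),
    }


if __name__ == "__main__":
    for label, (status, body) in run_demo().items():
        print(f"{label:26} {status} {body}")
```

The `waf_misses_event_handler` case is the point of the caveat: the filter protects the unchanged application against everything its rules describe, and nothing else. Output encoding in the application, as in `hardened_handler`, does not depend on recognising the payload at all.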
According to the research, the primary reasons for not testing more web applications are:
- Uncertainty over how much to test
- Senior management doesn’t understand application security or see the need for it
- Lack of budget
- Lack of expertise