USUAL SUSPECTS: SQL INJECTION AND CROSS-SITE SCRIPTING
SQL Injection and Cross-Site Scripting vulnerabilities have been around for years, but they continue to be LEVERAGED FOR SECURITY ATTACKS.
“RUSH-TO-RELEASE” OF NEW/UPDATED APPLICATIONS
Organizations DON’T ALWAYS perform meaningful vulnerability testing on applications when they’re released or updated.
EXPLOSIVE GROWTH IN MOBILE APPLICATIONS
Mobile applications often pose a HIGH SECURITY RISK to organizations, but many organizations struggle to keep up with mobile security.
Eliminate security vulnerabilities from applications before they’re placed into production and deployed.
INTEGRATED SECURITY TECHNOLOGIES
IBM’s end-to-end security portfolio helps protect people, data, applications and infrastructure in the cloud, with integrated solutions and open standards for flexibility.
CONSULTING AND MANAGED SERVICES
IBM’s world-class security services team helps secure some of the most complex cloud networks in the world—monitoring 15 billion security events every day for over 4,000 clients.
ADVANCED SECURITY RESEARCH
IBM’s expertise is powered by X-Force®—one of the world’s oldest and most-respected commercial security research teams, with a comprehensive knowledge base that is embedded into our cloud security products and services.
IBM helps to secure your application development infrastructure with a comprehensive set of capabilities that provide deep visibility into your level of security protection.
www.ibm.com/applicationsecurity
QUICKLY LEARN WHICH APPLICATION VULNERABILITIES POSE A HIGHER LEVEL OF RISK TO YOUR ORGANIZATION. Review intuitive reporting that permits simple navigation through your results, isolates critical issues and offers relevant recommendations for remediation. Deliver ratings for vulnerabilities to support prioritization and developer productivity. Include function, line and class information for mobile vulnerabilities, so they can be remediated quickly.
INCREASE THE EFFECTIVENESS OF YOUR APPLICATION SECURITY PROGRAM, BASED ON YOUR FINDINGS. Rescan applications to verify that security issues have been remediated. Formulate an action plan for vulnerability remediation. Incorporate newly learned security best practices into daily application development activities.
CASE CLOSED WITH IBM APPLICATION SECURITY ON CLOUD
77% of respondents surveyed admitted that mobile applications contained vulnerable code as a result of rush-to-release pressures on development teams.1
8.4% of security incidents in 2014 resulted from SQL Injection attacks.4
77% of respondents rated their Level of Difficulty in Securing Mobile Apps as “high”.
50% admitted their organizations earmarked a 0% budget for mobile application security.2
Many release applications rapidly to meet customer demand and organizational expectations such as revenue goals, rather than focusing on application security.
Only a handful of organizations devote significant portions of their mobile application development budgets to security protection.
Many organizations continue to struggle with managing them. 55% of respondents stated that it’s difficult to minimize Client-Side Injection risks.3
1. Ponemon Report Link http://securityintelligence.com/mobile-insecurity/#.VWd2GWMgsmh
2. Ponemon Report Link http://securityintelligence.com/mobile-insecurity/#.VWd2GWMgsmh
3. Ponemon Report Link http://securityintelligence.com/mobile-insecurity/#.VWd2GWMgsmh
4. IBM X-Force Report Link http://www-03.ibm.com/security/xforce/
© Copyright IBM Corporation 2015. All rights reserved.
APPLICATION SECURITY TESTING HOW YOU CAN IMPROVE
SOLVE THE CASE WITH IBM APPLICATION SECURITY ANALYZER
THE BEST WAY TO PROTECT YOUR APPLICATIONS IS BY PERIODICALLY PERFORMING APPLICATION SECURITY TESTING. Testing’s conveniently conducted in the Cloud, with no specialized user training required. Options include Web Application Security and Mobile Application Security Testing.
Focus on the vulnerabilities that are most likely to have a significant impact on your organization.
PERIODIC APPLICATION SECURITY TESTING
HIGH-PRIORITY VULNERABILITIES
EFFECTIVENESS OF YOUR APPLICATION SECURITY PROGRAM