Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

9/22/2015
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Information Security Forum Research Highlights Application Security Best Practices

Latest Report Describes How Application Risk is Increasing and Why Managing Risk is Critical

NEW YORK – September 22, 2015 –  As the information explosion continues, applications are proliferating and becoming increasingly diverse – moving from mainframes and servers to clouds, smartphones, wearables and other devices. In an effort to better prepare organizations with the risks associated with applications, the Information Security Forum (ISF) today announced the launch of Application Security – Bringing Order to Chaos, the organizations latest report which describes how application risk is increasing and why managing risk is critical, given the impacts organizations are experiencing and their reliance on applications.

From their earliest days, applications provided automation and efficiency, helping organizations run business processes and back office functions quickly, inexpensively and to scale. But today, the ability to create applications, once exclusive to vendors and in-house programmers, has become routine. Applications are increasingly vital to mission-critical product and service delivery in all sectors such as running manufacturing lines, checking passports at the border, executing financial transactions and distributing energy. But, despite their best intentions, many organizations are failing to apply good practice consistently across the application life cycle, leaving gaps that expose the organization to risk.

“Modern applications are written in multiple languages and run on myriad devices. They can be obtained in minutes with a credit card – then loaded with sensitive business information, often bypassing good security, governance and procurement practices,” said Steve Durbin, Managing Director, ISF. “Organizations no longer have the luxury of managing a handful of applications. Today’s portfolios contain thousands of diverse applications that complicate lines of responsibility and introduce unknown risk.”

Chief Information Security Officers (CISOs) acknowledge the need to address application risk, yet many are not doing so. Moving forward, organizations of all sizes must identify and resolve the organizational barriers that impede application risk management. Application Security – Bringing Order to Chaos equips ISF Members to improve governance and risk management across the application life cycle. It does this by:

  • Articulating the magnitude of application risk
  • Providing practical guidance on how organisations can overcome operational barriers with clear governance, better communications, the right skills and actions to address immediate risk
  • Setting out an approach that incrementally improves application risk management and embeds good practice across application portfolios

“Best practice guidelines to reduce the risk of attacks are available, and they work,” continued Durbin.  “But, application risk needs to be governed effectively; otherwise good practice will be applied inconsistently across the application life cycle, leaving risk unmanaged. Organizations that do not secure their applications will continue to present themselves as easy targets, thus leaving them open to certain reputational damage and financial loss.”

The ISF Application Security Framework is essential to the ISF approach to addressing application risk and has been developed to help organizations improve security at all stages of the application life cycle. The framework is a structured, comprehensive set of twenty-seven best practice guidelines, derived from leading practice, expert input, reputable standards and other guidance.  It is supported by an iterative approach for use by ISF Members to address immediate risk and incrementally improve information security across their application portfolios. For more information, please visit the ISF website.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Dueling Free Throws A riff on the song Dueling Banjos
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.