"Internet AppSec Remains Abysmal & Requires Sustained Action in 2023"

Experts call for improving the security of the Internet and the cloud applications it serves. Beginning in 2022, corporations frantically hunted for and mitigated a severe vulnerability in the Log4j library, a widely used component of numerous systems. The 12 months following the Log4Shell fiasco revealed that most organizations do not know all the software components that make up their Internet-facing applications, do not have processes to regularly check configurations, and fail to integrate and incentivize security among their developers. Therefore, with the post-pandemic growth in remote labor, many companies have lost the ability to lock down programs, making remote workers and consumers more susceptible to cyberattacks from all directions, according to Brian Fox, CTO of the software security company Sonatype. As the year 2022 draws to a close, organizations continue to face insecure applications, vulnerable software components, and the continuously growing attack surface provided by cloud services. Although software supply chain attacks increased by 633 percent in 2021, companies still lack the most basic security practices, such as removing known vulnerable dependencies. Sonatype discovered in March that 41 percent of downloaded Log4j components were insecure versions. The average organization now uses 15,600 Application Programming Interfaces (APIs), and traffic to APIs has quadrupled in the past year. According to Tony Lauro, head of security technology and strategy at Akamai, human users' tendency to make mistakes is the natural attack vector into enterprise infrastructure as that infrastructure becomes increasingly cloud-based. This article continues to discuss the persistence of software supply chain holes, growing cyber threats against applications, future application security innovation, and the cyber-secure choices companies can make in developing applications.
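The summary's "most basic" practice, removing known vulnerable dependencies, starts with knowing which versions of which components a build actually pulls in. The following added example (not code from the article or from Sonatype) shows the check in Python: it parses a constructed Maven-style `dependency:list` output, compares each Log4j core artifact against an assumed minimum patched version, and reports the share of Log4j downloads that are below it, the kind of figure behind the 41 percent statistic quoted above. The version threshold, the policy table and the sample dependency lines are all assumptions made for the example; in practice the threshold comes from the project's own advisory for the vulnerability in question.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format printed by `mvn dependency:list`
# (groupId:artifactId:type[:classifier]:version:scope). Not real project data.
SAMPLE_DEPENDENCY_LIST = """
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.0-beta9:test
[INFO]    com.example:internal-lib:jar:1.4.0:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
"""

# Assumed policy for this example: (groupId, artifactId) -> lowest version
# accepted. The value is a placeholder threshold for the Log4Shell-era fixes;
# take the real minimum from the project's advisory, not from this script.
MIN_SAFE_VERSION = {
    ("org.apache.logging.log4j", "log4j-core"): "2.17.1",
}


@dataclass(frozen=True)
class Dependency:
    group: str
    artifact: str
    version: str


def parse_version(version: str) -> tuple:
    """Turn '2.14.1' or '2.0-beta9' into a tuple that sorts correctly.

    Numeric components are padded to three places; a pre-release suffix
    (beta9, rc1, ...) sorts before the corresponding final release.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(.+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    numbers += (0,) * (3 - len(numbers))
    prerelease = m.group(2) or ""
    # Final releases get flag 1 so they order after pre-releases (flag 0).
    return (numbers, 0 if prerelease else 1, prerelease)


def parse_dependency_line(line: str):
    """Parse one dependency line; returns None for lines that are not deps."""
    line = line.strip()
    if line.startswith("[INFO]"):
        line = line[len("[INFO]"):].strip()
    parts = line.split(":")
    if len(parts) == 3:                  # plain group:artifact:version
        group, artifact, version = parts
    elif len(parts) >= 5:                # Maven: g:a:type[:classifier]:version:scope
        group, artifact, version = parts[0], parts[1], parts[-2]
    else:
        return None
    return Dependency(group, artifact, version)


def parse_dependency_list(text: str) -> list:
    deps = [parse_dependency_line(l) for l in text.splitlines()]
    return [d for d in deps if d is not None]


def is_below_policy(dep: Dependency, policy: dict) -> bool:
    """True when the dependency is tracked by the policy and older than allowed."""
    minimum = policy.get((dep.group, dep.artifact))
    if minimum is None:
        return False
    return parse_version(dep.version) < parse_version(minimum)


def find_vulnerable(deps: list, policy: dict) -> list:
    """Return the dependencies, in input order, that fall below the policy."""
    return [d for d in deps if is_below_policy(d, policy)]


def vulnerable_fraction(deps: list, policy: dict) -> float:
    """Share of policy-tracked components that are below the allowed version."""
    tracked = [d for d in deps if (d.group, d.artifact) in policy]
    if not tracked:
        return 0.0
    return len(find_vulnerable(tracked, policy)) / len(tracked)


if __name__ == "__main__":
    deps = parse_dependency_list(SAMPLE_DEPENDENCY_LIST)
    for dep in find_vulnerable(deps, MIN_SAFE_VERSION):
        minimum = MIN_SAFE_VERSION[(dep.group, dep.artifact)]
        print(f"FLAG {dep.group}:{dep.artifact}:{dep.version} (< {minimum})")
    print(f"{vulnerable_fraction(deps, MIN_SAFE_VERSION):.0%} of tracked components below policy")
```

The version comparison is deliberately explicit about pre-releases: a naive string or float comparison would treat `2.0-beta9` as newer than `2.0`, and a scanner that gets that wrong silently passes exactly the old builds that need attention. The same parse-then-compare shape applies to any SBOM or lockfile format once the line parser is swapped.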

Dark Reading reports "Internet AppSec Remains Abysmal & Requires Sustained Action in 2023"

Submitted by Anonymous on