With all this talk about how vulnerable small businesses and individuals are to hacking, it can seem like the applications we use every day are an afterthought in the battle against malware. Application security is one of the most important kinds of cybersecurity because web applications (and mobile applications) work with staggering amounts of sensitive customer data.
How an application developer handles security can be a defining moment for the success of the application. Ignoring application security can carry ethical, legal and financial consequences. Actively addressing security isn’t just the right thing to do; it’s also a fantastic move in terms of public relations and customer experience.
The Frequency of Application Security Failures
The security failures of application developers are simple, but so routine that they’re difficult to correct. In 2016, an estimated 72% of applications had at least one major encapsulation error. Security issues were most prevalent in mobile applications; 95% of recently tested mobile apps had some kind of security issue, and 80% exhibited critical or high-risk vulnerabilities.
The good news is that 45% of organizations plan on scaling up their application security spending in the next 12 months. It’s likely that stagnant security budgets are a contributing factor to the lack of progress in application security in recent years.
How Developers Are Addressing Security
Many application developers are catching on to the increasing importance of application security and reacting accordingly. Some are focusing on combating malicious practices that cause downtime. Netflix is one recent example. By rerouting user traffic to servers in other regions, Netflix has been able to devote entire regions’ worth of servers to use as a live-fire testing zone to run security simulations. In one recent test, Netflix DDoS’d (Distributed Denial of Service) itself in order to find areas of vulnerability and engineer more effective solutions.
Developers that are getting on board with increased security spending should begin to see results within the next year. Outsourcing application security responsibilities is more viable than ever. Editors spot mistakes that writers miss due to their familiarity with the content. Similarly, third-party security specialists can find flaws in code and functionality that developers may skim over after months of working on an application.
In the meantime, there are many options for end users to take security into their own hands.
What You Can Do to Improve Security
Not all aspects of application security fall at the developer’s feet. There are many precautions that users can (and should) take to further secure their information.
Using random and complex passwords is one of the best possible ways to prevent your accounts from being compromised. Keeping track of dozens of passwords can be a burden, so consider using a password management program to keep track of and automatically enter passwords on your personal devices. Stay away from passwords that carry personal significance.
In the office, consider implementing dual-authentication, and require employees to lock up their workstation at the end of the day. Keep in mind that with the increased use of mobile and personal devices for work purposes, your network perimeter doesn’t end at the walls of your office; it now extends to every employee’s pocket and home desk. Proper cybersecurity education can help employees spot the warning signs associated with poorly secured apps.
Web applications are already ubiquitous and will only become more common and more powerful with the passage of time. The potential of application development will only be fully realized once security is prioritized as highly as functionality.