Web Apps: The Top Vulnerabilities

ISACA Shares Common Challenges, Solutions
ISACA has just released a new study about the top vulnerabilities of Web applications. And, according to Sarb Sembhi, the results of this survey just might surprise you.Web applications definitely add their value. They improve operations, efficiency and, in some cases, functionality. But what's missing in today's application development is adequate and ongoing training about application vulnerabilities, says Sarb Sembhi, past president of ISACA's London Chapter and a member of the organization's GRA Regional Subcommittee.

Many [programmers] pick up application programming as a hobby," Sembhi says. "They don't go to school for it. They don't know the vulnerabilities. So we need to challenge the way people learn. What's missing is training - training on coding securely."

In a newly published white paper, ISACA outlines recommendations for organizations interested in enhancing their internal training for coders, as well the career direction ISACA sees more specialized coding taking in the future.

"There are some very specific courses for coding that are out there, depending on the kind of coding," Sembhi says. "These professionals will become highly skilled individuals, making the design more streamlined. ... The key thing here is always education."

During this interview, Sembhi discusses:

  • The need for organizations to training and education costs for coders into their budgets;
  • The impact supply chain and the introduction of new components can have on application security vulnerabilities; and
  • Why design and architecture are two critical areas linked to Web app security.

Sembhi is past president of ISACA's London Chapter and serves on the GRA subcommittee and is a member of ISACA's Professional Influence/Advocacy Committee. He also is director of consulting services with Incoming Thought. Previously, he served a security researcher.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.