Web security in 2016 is very different from what it was like in 2006, 1996 or even further back. As technology evolves and leaps forward, unfortunately, so do vulnerabilities. Prevention strategies that were sufficient ten years ago might not hold up well in the face of fast-paced progress. Our society is becoming increasingly networked, which broadens the scope of potential exploits. All this warrants a new perspective on security based on an understanding of how the field has changed and how to respond to new challenges. In this article, we explain how web security has evolved and share best practices that are key to staying safe .

Web Security Now and Then  - websecuritynowandthen - Web Security Now and Then

1. FREQUENCY OF TESTING

Thumbs up  - iconic 1 1 1 thumb up 256 0 44d38d none 150x150 - Web Security Now and ThenContinuous security with automation

Thumbs down  - iconic 1 1 1 thumb down 256 0 f7351e none 150x150 - Web Security Now and Then

One-off penetration testing

The frequency of testing might be the greatest and most crucial change the evolution of web security has brought. Not that long ago, quarterly and even yearly penetration tests were very common and were not considered inadequate, but this is not the case anymore.

New vulnerabilities emerge all the time, which is why continuous security testing is necessary to stay safe online. Unlike traditional tests, regular scans are automated and faster than in the past, allowing you to keep an eye on security while having plenty of time to focus on developing awesome stuff. Imagine security is like an onion; using automation to be able to keep up with developments in web security is just one of the many layers that make up a complete security strategy. Finding services that fit your team and support your everyday work is an important step towards shifting to a more security-focused work routine.

2. SECURITY MINDSET

Thumbs up  - iconic 1 1 1 thumb up 256 0 44d38d none 150x150 - Web Security Now and ThenPervasive

IsolatedThumbs down  - iconic 1 1 1 thumb down 256 0 f7351e none 150x150 - Web Security Now and Then

Back in the day, security was most often the of a highly specialised team (or individual!) responsible for keeping the organisation safe from attackers. Other teams had little to do with security matters and were not usually up to date on the latest developments and best practices.

Nowadays, security permeates all aspects of day-to-day work and is present in every step of the development process. It takes time and effort to educate teams and incorporate an updated work routine, but fear not, it’s worth it! Shifting to a security-oriented mindset demystifies security, increases risk awareness and makes it easier to take action if your site’s security ever becomes compromised. While security teams remain the main line of defense, every organisation can benefit from introducing security into other teams’ work.

However, your work with security need not, and should not, stay confined to your company. Add layers to your security onion! Bug bounty programs and platforms like HackerOne, Bugcrowd and Detectify Crowdsource are incredibly valuable resources for organisations looking to improve their security. You will never be able to recruit ethical hackers to a 9-5 job, but they can still help you out. Detectify Crowdsource draws on the community’s knowledge by crowdsourced into the Detectify service. Finally, you might want to consider hiring manual pentesters to complement your staff’s knowledge and make your work with security more comprehensive. The layers of your security outline might look something like this:

  • Security awareness within your team
  • Detectify Crowdsource
  • Bug bounty programs
  • Manual pentesting

3. ACCESSIBILITY

Thumbs up  - iconic 1 1 1 thumb up 256 0 44d38d none 150x150 - Web Security Now and ThenAccessible

ObscureThumbs down  - iconic 1 1 1 thumb down 256 0 f7351e none 150x150 - Web Security Now and Then

As a result of security being the sole responsibility of a specialised security team in the past, it seemed complicated and perhaps even slightly intimidating. High prices of security solutions reinforced the idea of security as a totally idiosyncratic field and also rendered decision-making difficult and expensive. Adjusting one-off manual pentests to specific needs or making changes was not easy without help from experts.

Luckily, a lot has changed. Services like Detectify offer easy-to-use interfaces that make working with security simple and intuitive, while also providing knowledge that can help users feel more comfortable tackling security issues. Using security is no longer an expensive and time-consuming endeavour, but instead gives your team additional support in their daily work. The flexibility of automated security services like Detectify makes it easy to adjust the testing to your needs, with options to add subdomains, only scan specific areas, or scan behind login.

Thinking of new vulnerabilities and exploits might worry you, but it is important to keep in mind that working with security has never been this thorough and accessible. With the support of automated security testing and ethical hackers’ knowledge, you can introduce a security-oriented way of thinking into your organisation and successfully work with security. Go hack yourself!

Interested in using automation to support your work with security? Sign up for a free trial!

If you have any questions about implementing security into your workflow, let us know at hello[at]detectify.com.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here