For many, October is the month devoted to Autumn festivities, and all the tricks, costumes and scary things that Halloween brings. The scary things this month seem fitting especially given it’s also the month for National Cyber Security Awareness. There is far worse lurking inside your websites and mobile applications than there is in a haunted house. With the recent breaches at Equifax (app vulnerability), Whole Foods and Sonic, most organizations are now recognizing that a breach may be a pending reality for them. In a recent article posted by the FBI, Assistant Director Scott Smith says, “Cyber risks can seem overwhelming in today’s hyper-connected world, but there are steps you can take to protect yourself and reduce your risk.”
How We Can Help
Your website is the most publicly-accessible entrance to your IT ecosystem. It’s how most communication and transactions are completed with your customers, and how the outside world interacts with your brand. And with 30 percent of cyberattacks being on web applications, you have to keep your digital assets safe.
DAST (Dynamic Application Security Testing) is perfect for organizations that might be new to secure DevOps. Think of it as your own personal hacker, something that tests an application by attacking it from the outside in. It examines applications as they are in production, testing it in ways to discover software flaws to exploit. This is different than SAST (Static Application Security Testing) in that SAST is used early in the software development process to test the application from the inside out. It doesn’t require a running system to perform the evaluations. To get a comprehensive picture of your web application security, you need both. Check your applications as they are being developed using SAST, and then continuously monitor them via DAST when they are deployed to production.
Here at WhiteHat, we want to help you be as safe and successful as possible in your application security efforts. As part of the annual public campaigns around National Cyber Security Awareness Month, WhiteHat is offering free web security software with Sentinel Dynamic, our continuous monitoring solution providing web security testing for security vulnerabilities for one web application for one year. With this service, you can know your risk and focus on the most important vulnerabilities, get expert security guidance from WhiteHat’s Threat Research Center on ways to fix those vulnerabilities, and access reports and analytics capabilities to monitor trends like risk posture and remediation rates.
All vulnerabilities found by Sentinel Dynamic are verified by experts in the Threat Research Center, ensuring a near zero false positive rate, meaning users can expect highly actionable, real vulnerability results.
What DAST Finds
Our annual security report outlines the top vulnerabilities found by DAST for web applications:
Information Leakage is the most prevalent web app vulnerability with 37 percent likelihood. This problem is very common, with roughly half of applications having some type of information leakage vulnerability. It is a broad classification that can be as serious as leaking usernames and passwords or as benign as “leaking” software version numbers.
Cross-Site Scripting (33%) is an injection attack that targets the client-side of an application to execute some malicious script via the end user’s browser. Because production applications are not static, they take input and data from users all the time. However, this user input/data must be properly encoded and sanitized, not merely executed, depending on the specific case.
Content Spoofing (27%) is an injection attack that allows an attacker to control the content displayed to the end user. It could deface the web page, mimic the authentication screen to steal user passwords, or display an error message to compel some other action. Developers must always have their guard up when taking text from an input request to ensure data is properly displayed as data, not content.
Insufficient Transport Layer Protection (21%) is a class used to describe errors such as weak ciphers, certificate misconfiguration or known vulnerable protocols. In recent years, it has been exploited in zero day attacks such as Poodle, Shellshock and HeartBleed – making it a critical but tricky error to fix. Developers must properly maintain protocols, ciphers and certificates in live applications to keep them safe and up to date – while balancing security and usability.
WhiteHat Sentinel Dynamic is the dynamic application security testing solution that helps you understand, prioritize, and mitigate your web app vulnerabilities. Now is your chance to take advantage of this application security platform for free.
Better jump on it! This deal is being offered ONLY for the month of October 2017. The promo ends at midnight, Pacific Time on 10/31/2017.
 National Cyber Security Awareness Month 2017: Protecting Yourself Online in an Interconnected World