Latest Public Sector News

04.04.16

Web application security in the public sector

Advertorial Feature

With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore a lucrative target for attackers. Over 70% of websites and web applications however, contain vulnerabilities that could lead to the theft of sensitive data, credit cards, customer information and Personally Identifiable Information (PII). 

High profile cyber-attacks regularly make the headlines, exposing citizens to financial loss and worry, and costing organisations millions. Consequently web security is becoming higher on the IT agenda for UK organisations in both the private and public sectors – particularly those with a cloud-first approach. According to PWC's latest Global Economic Crime Survey, over half of UK organisations say they expect to be the victim of cyber-crime in the next two years, suggesting it will become the UK’s largest economic crime. 

The statistics 

The UK 2015 information security breaches survey (carried out by Department for Business, Innovation and Skills published in June 2015) noted that a staggering 90% of large organisations surveyed, admitted to having experienced at least one data breach within the last year, with 74% of small business reporting a breach. The most severe online security breach for big business reached a staggering £3.14 million. With security breaches on the increase, web vulnerability testing has become a critical minimum security requirement for all organisations. 

But it’s not only private organisations that are at risk, the public sector is just as vulnerable. A new Nesta report states that councils should become ‘digital by default’ by 2020, including by moving all transactional services online and fully digitising their back offices. Even though this will bring huge benefits, councils need to address a number of concerns about cyber security, privacy, and consent to retain public confidence in the security of data. 

I have a firewall - that should do it 

Unfortunately there is a misguided mentality that installing a firewall is sufficient to stop an attack. Although an important step in an organisation’s security posture, any defense at network security level will provide no protection against web application attacks since these are launched on port 80/443, which must remain open in order to allow visitors to visit your website. The attacker can then go straight through the firewall, past operating system and network level defences and right to the heart of the application and sensitive data. In addition, web applications are often tailor-made and therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. 

The solution: Regular automated vulnerability scanning 

Using a web vulnerability scanner like Acunetix Vulnerability Scanner ensures vulnerabilities are detected before a hacker can exploit them. A Vulnerability Scanner is used to crawl all web-based business-critical assets, automatically analysing them for perilous vulnerabilities and flaws that could expose the organization. The scanner detects and reports on vulnerabilities in applications irrespective of the architecture they are built in (such as PHP and ASP.NET) as well as being able to scan and detect vulnerabilities in applications built using popular CMS systems such as WordPress, Drupal and Joomla!.

Important Scanner Features:

1) Crawling and Scanning

A fundamental process during any scan is the scanner’s ability to properly crawl an application. Look out for a scanner that can crawl complex web application architectures including JavaScript-heavy HTML5 Single Page Applications while being able to scan restricted areas automatically and with ease. 

2) Detecting vulnerabilities

With vulnerability detection, it’s accuracy that counts. Being able to scan a large number of vulnerabilities is important, however it’s the ability to scan accurately, with low false positives, that counts. Acunetix’ unique AcuSensor Technology deploys sensors inside the source code, which relays feedback to the scanner during the source code’s execution thus not only reducing false positives, but also being able to pinpoint the exact line of vulnerable code.

3) Reporting and Remediating

Once the scans are performed, the scanner will populate the information in a set of Internal Management reports as well as a range of Compliance and Classification reports for regulatory standards and best practice guidelines. 

About Acunetix

Acunetix is the market leader in automated web application security testing, founded to combat the rise in attacks at the web application layer. Its products and technologies are the result of a decade of work by a highly experienced development team specializing in security. Acunetix Vulnerability Scanner is the tool of choice for many customers globally in the Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies. www.acunetix.com 

Acunetix Vulnerability Scanner is available both as an online and on premise solution. It is included in the UK Government’s latest G-Cloud procurement framework, G-Cloud 7. Acunetix offers their Online Vulnerability Scanner as Software-as-a-Service (SaaS), through the Digital Marketplace. https://www.digitalmarketplace.service.gov.uk/g-cloud/services/7192777907076465 

Comments

Stephen   05/04/2016 at 18:28

Excellent insight and very interesting!

Add your comment

 

public sector executive tv

more videos >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >

public sector focus

View all News

comment

Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >

interviews

Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >

the raven's daily blog

NSPCC: Working together to improve the support available for children who have been sexually abused

08/10/2019NSPCC: Working together to improve the support available for children who have been sexually abused

Hayley Clark, the acting head of development and impact at the NSPCC, talks about the significant gap in support services for children who have been sexually abused and the Ho... more >
read more blog posts from 'the raven' >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this feeling of imminent change than the article James Palmer, mayor of Cambridgeshire and Peterborough, has penned for us on p28. In it, he highlights... read more >