Quite an interesting read and really shows you where people are looking nowadays to breach companies that hold sensitive data. Due to such wide notice that passwords must be secure, guessing passwords is no longer really worth anyone's time, as you would need some serious kit to crunch the numbers and get to a point at which a password can be viewed. I think it's also easier for the people out there to do a quick scan of a website and view the versions of the applications they are using, whether it be Apache or SQL. A quick Google search later, I'm sure that a list of known vulnerabilities would be brought up and then it's game on.
Great article and really sheds light on where administrators need to focus on patching and updating public-facing systems.
Thanks Sam (Comptia Sec +, Net +, A+, SSCP, MTA Sec, CCNA)
Security of web applications depends upon developers and also upon the organizations that install IPS. However, again, the basic stuff is the same: the human element. The ones who develop the application, update the IPS and use the machine are humans, so if we really want to mitigate the risk of cyber threats occurring, we require strong internal controls, their adequate and effective implementation, and regular monitoring for improvements.
This will definitely help to reduce the occurrence of adverse incidences.
Regards, Gargi Akolkar (Bcom, CA, PGD in Cyber Security, Cyber Forensics, Cyber Laws and Cyber Crimes, Certified in Forensic Accounting and Fraud Investigation)
Timing of the article is spot on for me. I had an interview 48 hrs ago for this exact thing in the financial industry: ensuring security is built into apps from the beginning instead of wrapped around when deployed. This has been a huge issue in my line of work, making me very unpopular with coworkers and PMs. Oh well, some folks are late learners.