Website Risk Management

Websites have emerged as the number one attack target of choice. Attacks have moved from the well-defended network layer to the more accessible Web application layer that people use every day to shop, bank, manage healthcare, pay insurance, book travel and apply to college.

The ramifications for companies that do not adequately protect and secure their websites are clear: loss of data, malware infection, loss of consumer confidence, and failure to meet regulatory requirements. No company can afford the black mark of a website hack. With many states mandating full disclosure, and both the Payment Card Industry and the federal government close behind, the luxury of hoping an attacker will target someone else’s websites has passed.

Building a website risk management program for production website security

Even highly trained security professionals flinch when tasked with building a website security program from scratch. The question most often asked is: Where do I begin? The second is: What does an effective website risk management program look like? WhiteHat Security has crafted a four-phase Website Risk Management approach built around securing and protecting both your production and QA websites:

Organizations must develop a strategy for website risk management

Website security is more than a tally of the latest vulnerabilities that may threaten a company’s websites. It’s also about managing risk. Website security data is not solely the domain of the security team: it is also used by auditors, compliance, product management, and developer organizations within a company. And, because there is no pre-existing infrastructure of independent software vendors pushing out standard patches for commercial products, applying the rules of traditional OS is insufficient, inadequate, and simply does not work. With rare exceptions, every website is unique custom code. What sets websites apart even further is that they are, by design, open and available to the public and, therefore, to hackers.

It is in the post-deployment, or operational, phase of the application lifecycle that a website risk management program delivers the most value to an organization. This operational phase is by far the most important, and generally of the longest duration, of any phase of an application’s life. As the most prevalent attack target, production websites are where the majority of an organization’s security resources should be applied.

2010 © Copyright | WhiteHat Security, Inc. | 3003 Bunker Hill Lane, Santa Clara, CA 95054 | 408.343.8300