Trends 2016 – Web Security
2016 – The more things change, the more they remain the same. Web security is making the news and will continue to do so in 2016 (and that is not a good thing). Yes, we will continue to see social engineering. We will continue to see phishing (and other forms of malicious email). Malware and ransomware will continue to be an issue. All this has been news for the past decade. And it will not go away in 2016.
What’s new in Web security issues
- What is new in 2016 is greater reliance on the Internet of Things (IoT). Personally, I have a multitude of devices connected to my home network – 4 computers, a notebook, 2 cell phones, TVs, and more devices to come – I know that I am not alone in this.
- Wearable technology is another area which is growing (and which often relies on the same web technologies). We should have security concerns about these devices as well. Specifically, they often touch other devices (such as our smartphones with a wealth of data). Security breaches can go well beyond a watch or fitness device.
We tend to rely more and more on the cloud for all sorts of activities. What I struggle with is how secure many of these repositories are (we have to depend on others as we do not see the underlying infrastructure). We also have to make the assumption that the items we use from these repositories are free of malware.
- As web professionals, we need to remain vigilant and monitor our applications for breaches and any unusual events.
- We also need to stay on top of emerging technologies. When we work with vendors and implement solutions, we need to question how much attention has been given to security.
- We need to keep up to date on the latest trends and always make our code as secure as possible. For example, we should always trust visitors to our websites, but never trust their input. We should already be in the habit of sanitizing any data provided by a website visitor. We should make website owners aware of products (like the SiteLock and SSL certificate products that we offer) that can monitor and automatically remove malicious code. We have known how to defend against these sorts of attacks for many years. Yet, the attacks still happen.
- We need to audit our existing code to confirm that we do defend against these sorts of attack vectors.
- We need to be ready, remain vigilant, and keep up to date on emerging threats.
- When you install any new device, make certain you have an idea of how vulnerable it is to attack (and where the attacks are likely to come from).
- Continue to educate your clients on the dangers of these sorts of attacks.
Ref: content source edited from WebProfessionals.Org