We know that our online presence is an extremely important and crucial part of our own and our organization's existence, and getting access to it is a very lucrative deal for cybercriminals. That online presence exists primarily in the form of web and mobile applications. Yet we do not make securing them a priority until we suffer a loss. Unfortunately, this loss is at times too great to be measured only in dollars, as the loss of customers' trust and loyalty is priceless.
Web application firewalls (WAF) (http://www.indusface.com/
This illustration is aimed at highlighting an ideal security vendor's application security paradigms.
Key Paradigms According to COVEY
Be Proactive - I am responsible for my behaviour and the choices I make in life.
Begin with the End in Mind - I will create results mentally before beginning any activity.
Put First Things First - Focus on ‘Truly’ important and say no to unimportant.
Think Win-Win - Effective, long-term relationships require mutual benefit.
Seek First to Understand Then to Be Understood - Diagnosis must precede prescription.
Synergize - The whole is greater than the sum of its parts.
Sharpen the Saw - Results require constant improvement.
Key Application Security Paradigms According to Indusface
Be Proactive - Vendor must provide WAF-as-a-Service, accept the responsibility of making WAF work for the customer, refine it as needed, and develop proactive defense mechanisms.
Begin with the End in Mind - WAF vendors must configure the WAF rule-set to ensure minimal false positives. The goal must be to improve the security posture without degrading the user experience.
Put First Things First - Protecting against Critical known issues – Effective virtual patching – should be the first priority of WAF deployments.
Think Win-Win - WAFs need to be able to demonstrate ROI while improving security posture of the application.
Seek First to Understand Then to Be Understood - The ability to provide detailed forensics, log any suspicious activity, and provide enhancements based on application nuances is the key driver of WAF core rule set improvement.
Synergize - WAFs must be leveraged to develop a total application security posture, combining WAF deployments with application scanning and secure coding practices to get a holistic application security program.
Sharpen the Saw - Constant updating and monitoring of WAF core rule sets, and getting intimate with application and user behaviour via forensics on legal/suspicious/
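As an added illustration of three of the paradigms above (a narrowly scoped virtual patch for a known issue, a rule set tuned so it does not generate false positives on unrelated traffic, and forensic logging of suspicious activity), here is a toy request filter. It is example code written for this page, not Indusface's product or rule set; the endpoint `/legacy/search`, its `q` parameter, the rule id `VP-0001` and the sample requests are all constructed placeholders.

```python
"""Toy virtual-patching filter: narrow rule scope plus forensic logging.
Hypothetical example code, not a vendor's WAF implementation."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    method: str
    path: str
    params: dict
    client_ip: str


@dataclass
class VirtualPatch:
    """A rule that shields one known issue until the application fix ships.

    Scope is deliberately narrow (method + path + parameter) so legitimate
    traffic to other endpoints is never touched: that is how false positives
    stay low while the critical issue is still covered."""
    rule_id: str
    description: str
    method: str
    path: re.Pattern
    param: str
    bad_value: re.Pattern


@dataclass
class Decision:
    action: str                     # "allow" or "block"
    rule_id: Optional[str] = None


@dataclass
class Waf:
    patches: list
    log: list = field(default_factory=list)   # forensic record of blocked requests

    def inspect(self, req: Request) -> Decision:
        for p in self.patches:
            if req.method != p.method or not p.path.fullmatch(req.path):
                continue
            value = req.params.get(p.param, "")
            if p.bad_value.search(value):
                # Keep enough detail for later forensics, but keep it bounded.
                self.log.append({
                    "rule_id": p.rule_id,
                    "client_ip": req.client_ip,
                    "path": req.path,
                    "param": p.param,
                    "sample": value[:80],
                })
                return Decision("block", p.rule_id)
        return Decision("allow")


# Constructed rule: assume a hypothetical legacy search endpoint whose "q"
# parameter is reflected unescaped (placeholder issue, not a real advisory).
PATCHES = [
    VirtualPatch(
        rule_id="VP-0001",
        description="Reflected markup in legacy search 'q' parameter",
        method="GET",
        path=re.compile(r"/legacy/search"),
        param="q",
        bad_value=re.compile(r"<\s*/?\s*[a-z][^>]*>", re.IGNORECASE),
    )
]


def run_samples(waf=None):
    """Feed constructed sample requests through the filter; returns the actions taken."""
    waf = waf or Waf(PATCHES)
    samples = [
        Request("GET", "/legacy/search", {"q": "running shoes"}, "203.0.113.10"),
        Request("GET", "/legacy/search", {"q": "<script>alert(1)</script>"}, "203.0.113.11"),
        # Markup submitted to a different endpoint (say a CMS editor that escapes its
        # output) is out of the patch's scope, so the narrow rule does not flag it.
        Request("POST", "/cms/articles", {"body": "<b>bold</b>"}, "203.0.113.12"),
    ]
    return [waf.inspect(r).action for r in samples]


if __name__ == "__main__":
    waf = Waf(PATCHES)
    print(run_samples(waf))   # ['allow', 'block', 'allow']
    for entry in waf.log:
        print(entry)
```

The point of scoping the patch to one method, path and parameter is that the same markup is legitimate elsewhere (a CMS body field, for instance), so a site-wide signature would produce exactly the false positives the "Begin with the End in Mind" paradigm warns against; the log entry records who sent what to which endpoint under which rule, which is the raw material for the forensics and rule refinement the later paradigms call for.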