New Year is a good time for setting goals and changing old habits. Here are Vaadata’s suggestions for resolutions you can make to improve the security of your web apps.

1. I take an interest in web security issues

This is a first step. Obviously, you have heard of Sony Pictures and other major companies having been hacked in 2014.
In fact, it is not just big companies that are prone to cyber attacks. Although we generally do not get news about small companies being hacked, this is a common phenomenon. A website that does not contain highly valuable data can still be a valuable target for hackers who are seeking to take control of it and use it for attacking other websites.
Of course, this causes serious damage to the website’s owners when they eventually find that users are leaving and that the reputation of their service has been ruined.

It is not a matter of choice: it is time to learn about security issues.

2. I get my technical staff trained

Once you have realised how much security matters, you should make your teams aware of it. Your good developers will not deliver secure applications if they have not been trained on the topic.

Many developers are used to being under pressure from other priorities such as development planning, performance issues and front-end queries.

Furthermore, people who build the code and people who hack it do not look at an application in the same way. Your coders should learn about hackers’ views and the main types of attacks in order to cope with them.

Why not train your team on web security issues in 2015?

3. I invest in affordable tools

To secure an existing web application, different tools are available. You can choose between security audits and web application firewalls (WAF).
A web security audit will allow you to identify your application’s vulnerabilities and to know how to fix them. There are several types of audits: manual tests and automated scans. Whereas an automated scan will find some technical flaws, only manual tests will help you cope with all vulnerabilities, including logical flaws, which are very common on the Internet.
A WAF will help you protect your website by acting as a shield. Though less comprehensive than a correction of all flaws, it is a complementary solution to security audits.

4. I correct my application’s flaws

Once you have carried out a security audit, you can correct all your application’s flaws.

Sometimes the first corrections rely on very basic things: PHP version updates, Linux updates, library updates…

No need to wait, you can do this right now!

5. I speak to my clients about web security issues

In the end, who will benefit from all your efforts regarding security issues? Your clients first, which also means your sales and turnover.

So much talk of cyber attacks in the media has finally caught your clients’ attention. One of your duties is to reassure them or even make them aware of the impact for them. Your reputation as an expert and the perception of your solutions will benefit from such commitment. If your competitors have not done so yet, here is a new opportunity to get ahead of them!