InformationWeek Analytics, the leading service for peer-based IT research and analysis, today announced the release of its latest research report; Hardening Next-Gen Web Applications includes an actual Web 2.0 application exploit to educate members on how to find, defend against it. The 382 respondents to this survey were screened to ensure they hold responsibility for the development, deployment or ongoing security of Web 2.0 applications. The report author, Adam Ely, is director of security for TiVo.
Slick interactive applications have opened up new vistas of opportunity for businesses—and for attackers seeking to make off with data. In this report, we provide an in-depth analysis of the challenges around securing dynamic applications without stifling the very attributes that make them so popular with end users and customers.
- 61% of respondents have a standard set of libraries in place to secure common functions, such as database calls and input validation. The remaining 39% should follow suit.
- Despite the promise of tokenization to secure data, 50% say they have no plans for use.
- 64% see privacy breaches as the top threats linked to their organizations’ Web 2.0 applications.
- Java and .NET are in a dead heat for the No. 1 language respondents’ developers use to build Web 2.0 apps, at 55% and 54%, respectively. Perl is last, at just 2%.
- 63% of respondents use third-party APIs in their Web applications.
For full access to the research data, members can download now: http://analytics.informationweek.com/abstract/21/3675/Security/research-hardening-web-applications.html
“The ease with which the author was able to penetrate our sample Web 2.0 employee management application is possible because developers of Web apps often forget to protect against legitimate users,” says Lorna Garey, content director of InformationWeek Analytics. “Adam lays out a strategy to help companies avoid this and other common mistakes.”
InformationWeek Analytics is a subscription-based service, offering peer-based technology research. Its site currently houses more than 900 reports and briefs, and includes a dedicated area where technology professionals can access complete issues of InformationWeek Magazine. More than one hundred new reports are slated for release in 2010. InformationWeek Analytics members have access to:
- The full InformationWeek Analytics library of reports
- Peer based research and analysis to guide buying and implementing decisions
- Over 20 technology and IT business categories
- New reports launched every week
- Signature reports, such as the InformationWeek Salary Survey, InformationWeek 500 and the State of Security report
For more information on our membership programs please visit: http://analytics.informationweek.com/join
About InformationWeek Business Technology Network (http://www.informationweek.com)
The InformationWeek Business Technology Network provides IT executives with unique analysis and tools that parallel their work flow—from defining and framing objectives through to the evaluation and recommendation of solutions. Anchored by InformationWeek, the multimedia powerhouse that looks across the enterprise, the network scales across the most critical technology categories with online properties like DarkReading.com (security), IntelligentEnterprise.com (application architecture), NetworkComputing.com (networking and communications) and PlugintotheCloud.com (cloud computing). The network also provides focused content for key IT targets, such as CIOs, developers, SMBs and IT Support Managers via InformationWeek Global CIO, Dr. Dobb’s, InformationWeek SMB and HDI, as well as vital vertical industries with InformationWeek Financial Services, Government and Healthcare sites. Content is at the nucleus of our information distribution strategy—IT professionals turn to our experts and communities to stay informed, get advice and research technologies to make strategic business decisions.
About UBM TechWeb (http://www.techweb.ubm.com)
UBM TechWeb, the global leader in technology media and professional information, enables people and organizations to harness the transformative power of technology. Through its core businesses – media solutions, marketing services, and professional information – UBM TechWeb produces the most respected and consumed brands, applications, and services in the technology market. More than 14.5 million business and technology professionals (CIOs, IT and IT Support managers, Web and digital professionals, software and game developers, government decision makers, and telecom providers) actively participate in UBM TechWeb’s communities. UBM TechWeb brands include: global face-to-face events such as Interop, Game Developers Conference (GDC), Web 2.0, Black Hat, and VoiceCon; large-scale online networks such as InformationWeek, Light Reading, and Gamasutra; research, training, and certification services, including HDI, Pyramid Research, and InformationWeek Analytics; and market-leading magazines such as InformationWeek and Wall Street & Technology. UBM TechWeb is part of UBM, a global provider of media and information services for professional B2B communities and markets.