Companies are increasingly seeking digital transformation to improve the customer experience and cut costs. Self-service and increased communication through the web have allowed customers to take control over their own records and interactions with organisations. Unfortunately, they have also allowed criminals to take the same control.
Using the web to interact with your customers means that criminals can pose as your customers as well. This means that they can extract private information, including payment card information, as well as issue instructions with the authority of your customer. Orders of high-value goods sent to a criminal drop site using a legitimate customer’s account are common, though rarely reported.
Confidence in the security of your web applications is critical to successful digital transformation, whether this is gaining permission from your board or CIO to digitise a process, or convincing customers to adopt the newly digitised process. This is true whether you’re selling through the web, or you are a council accepting development applications online.
Web application firewalls (WAFs) can provide this confidence – especially when the application has been developed specifically for you, or is a customised version of off-the-shelf software. These types of applications are much more likely to have critical vulnerabilities, such as SQL injection and cross-site scripting, which may allow criminals to copy your entire database.
While penetration testing is a good control to detect known vulnerabilities, your website could be frequently changing, and attackers’ methodologies are definitely frequently changing – what is considered safe today might be vulnerable tomorrow.
Web application firewalls can mitigate that issue: they can either blacklist attacks, or whitelist good input. Even when your application changes and a new SQL injection is introduced, the web application firewall will block it. If criminals’ attacks change and the web application firewall has never seen traffic like that before, it also gets blocked. The WAF becomes a stable guardian in a rapidly changing world.
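The difference between the two models, as an added sketch that is not Content Security's code or any WAF product's rule language: the same constructed requests are judged by a blacklist of known signatures and by a whitelist of expected input. The `/orders` endpoint, its parameters and both rule sets are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Blacklist (negative model): signatures of attacks already known (constructed, short).
DENY_SIGNATURES = [
    re.compile(r"(?i)\bor\s+1\s*=\s*1\b"),
    re.compile(r"(?i)<script\b"),
]

# Whitelist (positive model): the shape each parameter of each endpoint may take.
# Endpoint and parameter names are hypothetical.
ALLOW_RULES = {
    "/orders": {
        "id": re.compile(r"[0-9]{1,10}"),
        "sort": re.compile(r"date|total"),
    },
}

def blacklist_verdict(_path, query):
    """Block only when a decoded value matches a known attack signature."""
    for _name, value in parse_qsl(query, keep_blank_values=True):
        if any(sig.search(value) for sig in DENY_SIGNATURES):
            return "block"
    return "allow"

def whitelist_verdict(path, query):
    """Block anything that is not an expected parameter with an expected shape."""
    rules = ALLOW_RULES.get(path)
    if rules is None:
        return "block"  # endpoint the application never defined
    for name, value in parse_qsl(query, keep_blank_values=True):
        pattern = rules.get(name)
        if pattern is None or not pattern.fullmatch(value):
            return "block"
    return "allow"

# Constructed sample requests: (path, query string)
SAMPLES = [
    ("/orders", "id=1042&sort=date"),       # normal customer traffic
    ("/orders", "id=1042+OR+1%3D1"),        # matches a known signature
    ("/orders", "id=1042+UNION+SELECT+1"),  # injection with no signature yet
    ("/orders", "id=1042&debug=true"),      # parameter the application never defined
]

def compare():
    """Return (query, blacklist verdict, whitelist verdict) for each sample."""
    return [(q, blacklist_verdict(p, q), whitelist_verdict(p, q)) for p, q in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The third and fourth requests pass the blacklist because no signature describes them, while the whitelist rejects them for not looking like known-good input.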
If you are in the process of, or thinking about digital transformation for your organisation, contact Content Security to see how we can help you secure and accelerate your transition.