Ilia Kolochenko, CEO of High-Tech Bridge, comments on the recent story about Citrix’s CMS being hacked, which he believes should focus more on the insecurity of web applications than on the Russian hacker angle.
Ilia Kolochenko, CEO of High-Tech Bridge:
“In 2012, High-Tech Bridge and Frost & Sullivan released a White Paper saying 4/5 network intrusions start directly, or involve, insecure or outdated corporate web applications. However, since then, not many companies have changed web application security priority in their risk strategies.
People prefer to spend on mysterious APTs and other highly exaggerated threats, leaving the main doors to their companies (web apps) open to everyone. We need to understand that a modern web application is not just a website, but direct access to internal and highly sensitive infrastructure.
The Citrix compromise is not even about weak passwords, it’s about the catastrophic level of web security in general. Such a business-critical web application shall never be accessible from the outside without IP filtering and Two Factor Authentication. I don’t even speak about proper privilege segregation and access control within the application.
We need to wake up, otherwise while we are spending millions on wrong threats, hackers will steal everything we have via forgotten web applications.”
Ilia feels so strongly about web application reliability and compliance that his company has launched a free SSL/TLS security testing service and API for users to test their web and email servers against best practice protocols.
High-Tech Bridge has also recently implemented a Live SSL Security World Map, which shows the state of security of recently tested SSL/TLS servers located all over the world.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.