Beyond the Perimeter: The reality of the new application security landscape presented at LayerOne 2014

by Kunal Anand,

Summary : Gartner estimates that 70% of all hacks happened at the application layer in 2013 – becoming the main attack surface for hackers, with the top threats being XSS, SQL injection and cross-site request forgery (CSRF). One of the main reasons for this is the significant change of what constitutes web-facing “applications”: they are dynamic, distributed, make use of web services, RSS feeds and other cloud-based services; they integrate with social and partner applications and Single Sign-On services; they often feature user generated content and are accessed from mobile and other untrusted devices.Yet IT security budgets have not kept up with this change in attack vectors, with less than 1% of the budget spent on application security. This talk will outline why a new approach to application security is required: one that can address the reality of today’s threat landscape where securing the perimeter is simply not enough.