Web application security has become the biggest concern for almost all organizations that wish to bring their business to the Internet.
There are various reasons why we are still unable to fix issues like SQL Injection, Cross-Site Scripting, etc. These range from developer complacency and lack of knowledge about the security issues to lack of management commitment, among others. At the same time, organizations invest in initiatives such as secure coding training, source code reviews, web application firewalls, etc. Which initiatives should be adopted, in what fashion and order, so that the maximum benefit can be achieved, especially in situations where budget constraints exist? Also, what are the ground realities that inhibit organizations from implementing ideal answers to these questions? This survey is one part of our larger research project that aims at understanding these reasons by gaining insight from Developers and the Management through specific questions that depend on their experience in the Industry.
A detailed analysis of the survey results will be done here at NII, and the results (in the form of reports) will be delivered to the email address you provide. We will not use your email address to send you unsolicited commercial email unless you explicitly authorize us to do so.
Click Here to take survey!
K. K. Mookhey (PCI QSA, CISA, CISSP, CISM) is the Founder Director at Network Intelligence (www.niiconsulting.com) as well as the Founder of The Institute of Information Security (www.iisecurity.in). He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients in India such as the top 4 private banks, the top 4 public sector banks, the top 5 IT companies, and some of the largest industrial conglomerates. Internationally, he has done consulting and audit engagements for United Nations organizations, numerous banks and manufacturing firms in the Middle East, as well as various government entities. He has published numerous articles and two books, and has presented at numerous conferences such as Blackhat, OWASP Asia, ISACA, Interop, and Nullcon.