{"id":836,"date":"2011-11-30T18:49:46","date_gmt":"2011-11-30T23:49:46","guid":{"rendered":"http:\/\/techtonictimes.com\/?p=836"},"modified":"2011-11-30T18:49:46","modified_gmt":"2011-11-30T23:49:46","slug":"owasp","status":"publish","type":"post","link":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/","title":{"rendered":"OWASP!"},"content":{"rendered":"<p><a href=\"http:\/\/abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack23.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignleft size-medium wp-image-842\" title=\"Wasp_attack2\" alt=\"\" src=\"http:\/\/abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack23-300x231.jpg\" width=\"300\" height=\"231\" srcset=\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack23-300x231.jpg 300w, https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack23.jpg 496w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><strong><span style=\"color: #0000ff;\">Did you know that a recent study by the <em>Aberdeen Group<\/em> of more than 150 organizations found that the average total cost to fix a single application security incident is approximately $300,000.00?<\/span><\/strong><\/p>\n<p>Let&#8217;s just say, for argument&#8217;s sake, that the researchers are lying or that they are total imbeciles and it is really only half that amount.<\/p>\n<p>Would your Chief Financial Officer consider it sheer delight to cough up $150,000 to cure a problem that could have been prevented?<\/p>\n<p>We all know the answer to that, don&#8217;t we?<\/p>\n<p>So then, why has the marketplace been so slow to adopt a strategic initiative to prevent exposure to this pervasive risk?<\/p>\n<p><em>Slow?<\/em><\/p>\n<p>Yes.<\/p>\n<p>Slow, like molasses going uphill in the dead of winter.<\/p>\n<p>Get the picture?<\/p>\n<p>No?<\/p>\n<p>Okay, here are the numbers:<\/p>\n<ul>\n<li>70% of organizations do not consider <strong>application 
security<\/strong> a strategic initiative<\/li>\n<li>67% of web vulnerabilities are unpatched<\/li>\n<li>49% of web vulnerabilities are considered critical<\/li>\n<li>Less than 20% of <em>information security<\/em> budget and attention are allocated to Web Application security, which represents:<\/li>\n<\/ul>\n<blockquote>\n<h2 style=\"text-align: center;\"><strong>80% of security risks<\/strong><\/h2>\n<\/blockquote>\n<p style=\"text-align: left;\">This glaring disconnect between the acknowledgement of security issues and the willingness to fix them provides much fodder for great conversation at happy hour, but talk does little to mitigate this burgeoning security risk.<\/p>\n<p style=\"text-align: left;\">Additionally,<\/p>\n<ul>\n<li>There were 450,000 <em>SQL injections per day<\/em>, <em>USA Today, March 2009<\/em><\/li>\n<li><em>Security breaches<\/em> cost $202 per exposed record, <em>SC, February 2009<\/em><\/li>\n<\/ul>\n<p>And furthermore,<\/p>\n<ul>\n<li>Cleanup cost for fixing a single bug in a Web Application ranges from $400 to $4000.00<\/li>\n<li>It consumes 40 man-hours at $100\/hr. 
to fix one vulnerability, and<\/li>\n<li>It is 6.5 times more expensive to fix a flaw in development than during design, 15 times more in testing, and 100 times more in deployment, according to the National Institute of Standards and Technology (NIST)<\/li>\n<li>70% of successful attacks are now at the application layer AND<\/li>\n<\/ul>\n<blockquote>\n<h4 style=\"text-align: center;\"><strong>100% of all vulnerabilities in homegrown applications are in place prior to production<\/strong> &#8212;Gartner<\/h4>\n<\/blockquote>\n<p>So, now that I have exposed the harsh reality here in this post <em>again<\/em>, I know it will be very easy to forget because,<\/p>\n<p>Well,<\/p>\n<p>Life happens.<\/p>\n<p>But don&#8217;t get <strong>stung.<\/strong><\/p>\n<p>Sign up for a free demonstration of our <strong><a href=\"https:\/\/www.trustwave.com\/web-application-firewall\/waf-overview.php\">Web Application Firewall<\/a><\/strong>, also known as <em><strong>Web Defend<\/strong><\/em>, which is perhaps the best vaccine against infection.<\/p>\n<p>So says,<\/p>\n<h3><strong>Johns Hopkins University<\/strong>.<\/h3>\n<p>They should know. They are using <em>Web Defend.<\/em><\/p>\n<blockquote>\n<p style=\"text-align: center;\"><span style=\"color: #3366ff;\"><strong>&#8220;After the first few weeks, the WAF began telling us how well we were doing instead of how many problems we had. 
As we addressed the issues the WAF pointed out, the news became more and more positive. Today we see very few successful threats and enjoy seeing the hundreds of thousands of failures.&#8221;<\/strong><\/span><\/p>\n<p style=\"text-align: center;\">\n<\/blockquote>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Did you know that a recent study by the Aberdeen Group of more than 150 organizations found that the average total cost to fix a single application security incident is approximately $300,000.00? Let&#8217;s just say for argument sake that the researchers are lying or that they are total imbeciles and it is really only half [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":837,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,12],"tags":[56,78,113,114],"class_list":["post-836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-techtonic-times","category-web-applicaiton-security","tag-john-hopkins-university","tag-owasp","tag-web-application-security","tag-web-defend"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Open Web Application Security Project<\/title>\n<meta name=\"description\" content=\"Exploring Threats and Risks to Application Security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Open Web Application Security Project\" \/>\n<meta property=\"og:description\" content=\"Exploring Threats and Risks to Application Security.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\" \/>\n<meta property=\"og:site_name\" content=\"TechTonic Times\" \/>\n<meta property=\"article:published_time\" content=\"2011-11-30T23:49:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"496\" \/>\n\t<meta property=\"og:image:height\" content=\"382\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Angela Gibson\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Angela Gibson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\"},\"author\":{\"name\":\"Angela Gibson\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad\"},\"headline\":\"OWASP!\",\"datePublished\":\"2011-11-30T23:49:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\"},\"wordCount\":429,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg\",\"keywords\":[\"John Hopkins University\",\"OWASP\",\"Web Application Security\",\"Web Defend\"],\"articleSection\":[\"Techtonic Times\",\"Web Applicaiton 
Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\",\"url\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\",\"name\":\"The Open Web Application Security Project\",\"isPartOf\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg\",\"datePublished\":\"2011-11-30T23:49:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad\"},\"description\":\"Exploring Threats and Risks to Application 
Security.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage\",\"url\":\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg\",\"contentUrl\":\"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg\",\"width\":496,\"height\":382},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.abrahamsconsulting.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OWASP!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/#website\",\"url\":\"https:\/\/www.abrahamsconsulting.com\/blog\/\",\"name\":\"TechTonic Times\",\"description\":\"Security I Networking I Storage I IT Staffing I Managed Services\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.abrahamsconsulting.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad\",\"name\":\"Angela 
Gibson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g\",\"caption\":\"Angela Gibson\"},\"url\":\"https:\/\/www.abrahamsconsulting.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Open Web Application Security Project","description":"Exploring Threats and Risks to Application Security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/","og_locale":"en_US","og_type":"article","og_title":"The Open Web Application Security Project","og_description":"Exploring Threats and Risks to Application Security.","og_url":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/","og_site_name":"TechTonic Times","article_published_time":"2011-11-30T23:49:46+00:00","og_image":[{"width":496,"height":382,"url":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg","type":"image\/jpeg"}],"author":"Angela Gibson","twitter_misc":{"Written by":"Angela Gibson","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#article","isPartOf":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/"},"author":{"name":"Angela Gibson","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad"},"headline":"OWASP!","datePublished":"2011-11-30T23:49:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/"},"wordCount":429,"commentCount":0,"image":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg","keywords":["John Hopkins University","OWASP","Web Application Security","Web Defend"],"articleSection":["Techtonic Times","Web Applicaiton Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/","url":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/","name":"The Open Web Application Security Project","isPartOf":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage"},"image":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg","datePublished":"2011-11-30T23:49:46+00:00","author":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad"},"description":"Exploring Threats and Risks to Application 
Security.","breadcrumb":{"@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#primaryimage","url":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg","contentUrl":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-content\/uploads\/2011\/11\/Wasp_attack2.jpg","width":496,"height":382},{"@type":"BreadcrumbList","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/owasp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.abrahamsconsulting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"OWASP!"}]},{"@type":"WebSite","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/#website","url":"https:\/\/www.abrahamsconsulting.com\/blog\/","name":"TechTonic Times","description":"Security I Networking I Storage I IT Staffing I Managed Services","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.abrahamsconsulting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.abrahamsconsulting.com\/blog\/#\/schema\/person\/2af41230f21d0cfc614be7ffd1cbcdad","name":"Angela Gibson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c54bf3cfef1d2416a64501386c44cf093ab7044f0c0830ffd697ffb5d92636a2?s=96&d=mm&r=g","caption":"Angela 
Gibson"},"url":"https:\/\/www.abrahamsconsulting.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/posts\/836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/comments?post=836"}],"version-history":[{"count":0,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/posts\/836\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/media\/837"}],"wp:attachment":[{"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/media?parent=836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/categories?post=836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.abrahamsconsulting.com\/blog\/wp-json\/wp\/v2\/tags?post=836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}