The year 2020 won’t go down in history as one of the best, for sure. However, it has actually led to some positive developments. Let us take a look at 2020 in the world of web application security, share our own experiences, and point out some valuable content that we brought to you this year.
Effects of the Pandemic on Web Application Security
There were two primary reasons why the COVID-19 pandemic had an immediate impact on IT security and web application security:
- One of the first measures introduced everywhere to combat the pandemic was social distancing, which meant an immediate shift towards remote work.
- The feelings of panic and uncertainty associated with COVID-19 were useful to malicious threat actors as tools to attack the weakest point of IT security – the human factor.
The following effects were felt in the general IT security landscape – none of them surprising:
- Businesses realized that it is more difficult to manage the security of endpoints used by remote employees than that of local, physically accessible computers, especially if employees are allowed to use their private hardware for work.
- For anyone working with any kind of sensitive information, connection security became a problem and therefore VPN connections became commonplace. This was also an opportunity for VPN vendors to try and sell their home solutions more aggressively.
- Due to endpoint security issues and the panic effect, pandemic-based phishing became commonplace and the world experienced a major rise in the total number of phishing attacks.
- Ransomware gangs made medical institutions their targets, knowing that they have a chance to extort money quickly, especially if the impacted institution is involved in pandemic-related research.
- Many companies had organizational problems and experienced chaos, which threat actors perceived as a great opportunity for attacks, especially ransomware. The “cherry on top” was the recent revelation of the SolarWinds hack, which impacted more than 18,000 organizations around the world.
What does the above mean for web application security?
- Some businesses shifted their IT security focus from web application security to endpoint security. This was not the best move because it was expected by threat actors who could then exploit web vulnerabilities more easily.
- Due to the difficulties of managing remote employees and internal networks together, more organizations became inclined to move to the cloud. Since the cloud requires web application security, these organizations are increasingly realizing that they need to shift their security focus to this area.
Therefore, the final effect of the shift to remote work is actually… increased importance of web security.
The Pandemic and Us
As a modern, agile, global organization, we felt no effects of the pandemic on the quality of our work. It turned out that a sudden shift to home offices was not only welcomed by many but also had no negative effects, except that we missed seeing our colleagues face-to-face. We realized that our teams work great together even if physically apart. This could actually be perceived as a very positive effect of the pandemic on work culture, not only for us.
The pandemic did not alter our development plans, either. The company keeps growing very quickly and our ambitious 2020 roadmap is completed. Our plans for 2021 are even more ambitious and we’re well underway working on them. We realize that with the growing importance of web application security, we are needed more than ever and we must give it all we’ve got to make sure that our customers can cover all the bases.
We realize that not everyone had it that easy. That is one of the reasons why back in March we offered complimentary licenses to agencies fighting COVID-19.
A Look Back at the Blog
Last but not least, let’s have a look at some of our most valuable blog posts this year.
The year 2020 has been quite revolutionary to Acunetix as a product. Here are some highlights from our releases:
In 2020, we brought you the following reports, whitepapers, and deep case studies:
An area that we focused on strongly this year is spreading the understanding of why web application security is important, how it is sometimes misunderstood, and where to begin:
We’d like to conclude by honoring a great addition to our team, Kevin Attard Compagno, who has brought tons of very useful practical content to our blog (in addition to continuously improving support documentation). Here are some of the key areas that he focused on with his practical guides:
- Step-by-step guides to scanning intentionally vulnerable applications to test the effectiveness of the scanner: OWASP Juice Shop, bWAPP.
- Step-by-step integration guides for Jira, Jenkins, GitHub, GitLab, Azure DevOps.
- Step-by-step guides to scanning web services and APIs: SOAP, REST, GraphQL.
- Examples showing how to use the Acunetix API: using Python, Bash, and PowerShell.
- Other interesting step-by-step tutorials, for example, scanning Google OAuth 2.0, scanning an application in Docker using AcuSensor IAST, how to use the new feature of Acunetix: Business Logic Recorder, and more.
Thank you for being with us this year and thank you for being our regular blog reader. We look forward to next year and to bringing you more and more innovation with Acunetix.