sobota 11. listopadu 2017

Protecting Web Applications in the World of GDPR

Článek na téma "Protecting Web Applications in the World of GDPR" je vystaven na portálu "SolarWinds MSP", konkrétně na adrese:
Cituji vybrané části textu:
"Businesses have embraced both the creation and use of web services and web applications at an astronomical rate. But as many companies—most recently Equifax®—have found out, protecting web services and web applications is serious business. In the case of Equifax, the failure to patch a known vulnerability in the Apache® Struts Framework led to a major data breach. If the Global Data Protection Regulation (GDPR) was already in effect, they could have faced severe repercussions for not notifying both the regulatory authorities and the data subjects within the 72-hour deadline.
It’s not unreasonable to suggest that web services are the weakest technological link in the struggle against cybercriminals. Web applications and web services are vulnerable to customer account compromise from poor user behaviour or even complete compromise due to technical flaws or weak administrative passwords. Given the mandates of GDPR to protect data subjects’ personal data, a webserver hosted by a business could present a clear and present danger of a data breach. What follows is an analysis of how website owners are responding to the danger of presenting an open portal of personal data to the internet. And if your business develops web applications, you may want to implement some of these techniques."
"To improve your application security, try building logic into your authentication process that answers the following questions: 
- Is the browser connecting up to date?
- Where is the connection coming from?
- Has the IP address connected before?
- Has the device connecting accessed the service before?
- Has the account been compromised?
- Has the account been hijacked?
- Has the user enabled multifactor or two-factor authentication (MFA, 2FA)?
Protecting Customer Data within Your Web Applications
Due to the rising threat of account compromises via web services, many website owners are building systems to ensure legitimate users and administrative users are protected. And with the increased responsibilities of organizations under GDPR, the stakes are even higher when it comes to web application security. As a website owner, you must do your best to safeguard your customers from fraudulent logins if you want to avoid a potentially severe data breach and penalties under the GDPR (and to make your sure your customers are safe).