Web App Attacks - Stats & Remediation


Application security is an expensive, daunting challenge. Simplify with integrated Qualys Web Application Scanning (WAS) and Web Application Firewall (WAF).

With integrated WAS/WAF, you can:
• Detect web application vulnerabilities with WAS, and get rapid protection from attacks with WAF — all from a single console
• Address vulnerabilities discovered by WAS with one-click creation of virtual patch rules in WAF
• Use WAS scans to evaluate WAF security policies
• Scale seamlessly from a handful of apps to thousands

Learn more and get a free trial at

Published in: Technology

Slide 1: Web App Attacks: Stats & Remediation

BUSINESS IMPACT
• $7 million: Average cost of a data breach in the US
• 95%: Percentage of web app breaches that were financially motivated
• 4 – 5X: Cost to fix an error found after product release vs. during design
• 100X: Cost to fix an error identified in maintenance vs. design phase

[Chart: relative cost by phase/stage of the S/W development in which the defect is found: Design 1X, Implementation 6.5X, Testing 15X, Maintenance 100X]

TRADITIONAL FIXES ARE TOO SLOW
• <30%: Percentage of organizations satisfied with the speed of repairing vulnerabilities
• 55 days: Average time it takes organizations to patch their systems
• 6 days: Average time for exploit code to be released to the public

[Graphic labels: Identify Vulnerability, Patch Development, Test Patch, Deploy Patch, Scan/Assess, Install Patch, "Access Denied!!"]
[Graphic labels: Initiation, Planning, Technical Analysis, Development, QA, Release, Security]

CHECK YOUR ABILITY TO DETECT & PATCH FASTER
• Can you quickly and accurately scan thousands of web applications and APIs?
• Do you have the capability to immediately apply virtual patches for detected vulnerabilities?
• Can your web app scanning solution scale across browser-based, mobile and IoT services?
• Can your web app patching solution simulate attacks to verify protection is in effect?
• Can you detect and patch vulnerabilities early on in the app development cycle?

SOURCES
• Ponemon 2016 Cost of Data Breach Study
• Verizon 2016 Data Breach Investigation Report
• SANS 2016 State of Application Security Report
• OWASP Virtual Patching Best Practices
• IBM Systems Sciences Institute

Learn more at QUALYS.COM/ONECLICK