Web applications are now at the heart of systems across both the private and public sectors. And a plethora of systems now work via web interfaces and API calls. Some estimates suggest any one enterprise will now run hundreds, if not thousands, of web apps. And that’s before adding in technologies such as Kubernetes.
Research from security vendor Qualys suggests that a third of significant vulnerabilities are found in network infrastructure and web applications. But CISOs might not even know which applications the business is running, let alone whether they are secure.
Our guest for this episode is Alex Kreilein, vice president for product security at Qualys.
He discusses why identifying and securing vital web applications is essential to enterprise security, and how a fixation on technical CVEs does little to boost defences. Plus, why both security pros and security journalists like a pie analogy.
Interview by Stephen Pritchard.
Listeners can also view the Qualys research on the firm’s blog.