Addressing the OWASP Top 10 Application Security Risks with Web Application Isolation: #2 Cryptographic Storage and #8 Software and Data Integrity Failures

Author Avatar

by

Posted on July 25, 2022

The fictional Juice Shop that I set up to demonstrate OWASP Top 10 risks is getting a workout. The Juice Shop app, which I developed on the HyperQube test platform, is designed to be super vulnerable – with “as many holes as Swiss cheese.”

In this next installment, I discuss how to quickly and easily address the security and compliance risks associated with a missing or bad SSL certificate – an issue that falls under two OWASP risk categories – Cryptographic Storage as well as Software and Integrity Failure, #2 and #8 of the OWASP Top 10.

SSL certificates provide cryptographic functions that ensure data integrity and are required for regulatory compliance. Sites lacking valid SSL certificates may be flagged as unsafe, leading to high bounce rates. But managing certificates is a hassle, and if one goes invalid, addressing the issue takes time and effort.
Ericom ZTEdge Web Application Isolation (WAI), an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, functions as a much-improved, perimeter-less “next-gen” WAF solution. WAI policy-based controls that take the hassle out of managing SSL certificates, ensuring that they are always in place.

Check out the 3-minute demo right here:


Share this on:

Author Avatar

About Dr. Chase Cunningham

Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for Ericom’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.

Recent Posts

FTC Issues Cybersecurity Warning for QR Codes

QR codes on ads are a simple way to grab potential customers before they move on. No wonder cybercriminals are using QR codes, too.

Guarding Against the Storm: Insights from Australia’s Cyber Threat Report 2022-2023

Malicious cyber activity represents a growing threat to Australia's security and prosperity. Read on for important guidance on protecting your organization.

New SEC Cybersecurity Reporting Rules Take Effect

Risk assessment is a key factor in investment decisions. Now, with SEC disclosure rules in effect, investors can more easily take cyber risk into account.