Date: 2021-06-05

Remember the saga of Equifax and the unpatched Apache Struts vulnerability? It wasn’t that long ago, and it’s one of the most notorious web application security incidents to date.

As more devices and applications are connected to the web, malicious hackers gain more targets in which to find and exploit vulnerabilities. According to the Verizon 2020 Data Breach Investigations Report, 43% of the breaches were caused by attacks that started on web applications. Since the COVID-19 pandemic began, the FBI has reported a 300% increase in cyber security attacks. Managing web application security at scale to prevent data breaches has been top-of-mind for many CISOs for a while, and the pandemic has only emphasized that necessity.

It has always been a race between CISOs trying to ensure that hackers don’t get access to an organization’s sensitive data via web applications, and hackers finding that one missed or unpatched vulnerability that will get them the access they want. The difference is that, to prevent any such incidents, CISOs need to ensure that their risk assessment is right every time, but hackers only need to find the right vulnerability once. That’s why CISOs need to instill a security mindset in everyone, starting with developers.