Building a Holistic VRM Strategy That Includes the Web Application Layer

Building a Holistic VRM Strategy That Includes the Web Application Layer

Building security into your overall vulnerability risk management (VRM) strategy is a must-do in the age of the all-important web app. Between security and IT-Ops teams, there are a number of steps in the VRM process, including asset identification, enumeration, prioritization, and remediation. How does application security fit in?


Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post. The distinguished subject-matter experts and presenters also dive deep into the nitty gritty of what it takes to get a better night’s sleep by creating a VRM strategy that extends to the application layer. Watch the webcast here, and read on for our recap below!


Web applications and APIs are assets, too


Applications are one of the most common ways attackers are getting in. In a recent survey, Forrester found that 31% of firms suffered a breach as a result of an external attack, with applications serving as one of the most common attack vectors. Along with all other assets in a VRM program, web apps must be prioritized as assets that need to be covered.


Knowing this, security leaders have started to think harder about application security. But just because it’s a top priority, does that mean it’s the company’s? Bringing stakeholders into the process early is key, because getting that application layer covered affects the entire organization. The more buy-in and support from everyone who has a stake in getting secure products to customers, the more value everyone gets from a comprehensive VRM investment.



Support the originator by clicking the read the rest link below.