Last week was a big one for tCell – we announced new research findings from our production deployments, new product features, and most importantly, new customers. Oh yeah, and we got to go meet with lots of enterprise organizations at Gartner Security and Risk Management Summit!
The State of Security for In-Production Web Applications
We published findings from anonymized tCell customer data, focusing on the attack surface of web applications in production, as well as the nature of attacks against those apps. This report is the first of its kind – real data from in-production apps. Regarding attack surface, we found some interesting things:
• Orphan routes (dead code) are present in 90% of organizations – basically, risk without any business benefit
• We found vulnerable third-party libraries in 88% of production apps
• CSP data indicate that applications pull content from 25 “other” domains beyond their own domain
As far as attacks, we found two trends worth highlighting:
• Account takeover/login fraud attacks hit 41% of orgs in 30 days
• Cross-site scripting (XSS) is noisy – only .001% of attempted attacks actually “land”
Download the full report "The State of Security for In-Production Web Applications".
New Product Features for tCell
We announced three key new features reflecting our experience with customers’ production environments:
• Support for enterprise .NET applications, expanding an already comprehensive list that includes support for Ruby, Java, Node.js, and Python.
• Point-of-attack instrumentation to detect and confirm whether command injection attempts have successfully breached the app. This adds to existing instrumentation in the browser (XSS, clickjacking), database (SQL injection), and login framework (account takeover), enabling customers to see both attack attempts and successful attacks.
• Field-level encryption for increased data integrity in highly regulated industries, such as healthcare or financial services.
tCell highlighted several new customers – among them Envoy, John Muir Health, and Veeva. To learn more about their journey, check out their video case studies.
Gartner Security and Risk Management Summit
Finally, we were pleased to be at the Gartner Security and Risk Management Summit, talking with lots of enterprises. This event seems to get better every year, and there is an increasing focus on appsec – Neil MacDonald’s opening keynote highlighted the increasing importance of in-production appsec in a world where applications are shipping weekly. We agree, and see more organizations expanding their definitions of appsec beyond traditional vulnerability-only approaches.
Thanks for reading!