wonderfully unique software solutions

Few follow best security practice on web apps for file uploading, says Opswat

A survey by Opswat has found low levels of best practice around web application security — despite concerns about the rise in malware attacks in the past year.

According to the zero-trust focused security vendor, this means that critical infrastructure industries are vulnerable.

“Eighty-two percent of organisations with web applications that accept file uploads have increased concerns about malware attacks in the last year, but only eight percent implement security best practices,” Opswat said.

The company said that its poll suggested that about a third of organisations that have taken advantage of the convenience of web applications for file uploads do not also scan all file uploads to detect malicious files.

Also, the majority do not “sanitise” file uploads with content disarm reconstruction (CDR) to prevent unknown malware and zero-day attacks, it said, despite rising risk in the hybrid workplace.

Opswat notes that the Open Web Application Security Project (OWASP) nonprofit, which tracks the most common risks for web application security and provides best practices for their mitigation, has identified unrestricted file uploads” as presenting risk.

Files can hide malware that can give attackers direct access to organisational IT, systems, information and data, it points out.

Other findings from Opswat’s survey include that 49% of critical infrastructure industries were extremely concerned about the risks of file uploading, compared to 36% of other industries.

“Loss of revenue and reputational damage are top concerns in the event of an attack. Two-thirds of organisations [that we surveyed] with a web application for file uploads are concerned about reputational damage or a loss in business or revenue related to unsecure file uploads,” the company said.

“Organisations aren’t following best practices, they aren’t using comprehensive anti-virus technology effectively, and most are not using CDR technology to prevent known and unknown attacks.”

( Photo by Mick Haupt on Unsplash )

Recent Articles

N-able teams up with US cybersecurity agency on RMM tactics

Remote monitoring and management (RMM) software vendor N-able has announced it is working with the US Cybersecurity and Infrastructure Security Agency (CISA)...

Nitro with Level Access launches accessibility upgrade for PDF management

E-documentation company Nitro has teamed up with digital accessibility as a service provider Level Access on an accessible version of the former's...

CoreView expects further sales growth as Microsoft launches ‘disruptive’ tools

Microsoft 365 (M365) management software vendor CoreView is gearing up for greater demand, predicted to be fuelled further by AI adoption via...

Keeper Security expands global reach with new investments in zero-trust security

Keeper Security has opened an Asia-Pacific (APAC) headquarters in Japan, reflecting increased global interest and investment in unified, zero-trust enterprise passwords, secrets...

iSpring follows Salesforce integration with Albato no-code automation

Edtech software vendor iSpring Solutions has announced integration of the iSpring Learn learning management system (LMS) with no-code automation from Albato, expanding...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox