Post Heartbleed, now what?

Posted Date: April 24, 2014
Reading Time: 2 min

It’s been over two weeks since the world learned that websites were vulnerable because of the OpenSSL Heartbleed vulnerability. By now, most website owners would have mitigated this risk by applying the right security fixes, and users would have updated their passwords across these websites. So, can we say all is well? No. Not so soon.

Firstly, it is still too early to say how much damage the Heartbleed vulnerability has caused to organizations. The first confirmed victims are reportedly Canada’s tax agency and a UK parenting site.

Secondly, our analysis has proved that some websites were slower to implement the latest internet technologies and, as a result, were saved from this exposure. However, organizations cannot lag behind in technology for too long, or the vulnerabilities will catch up with them and they will be exploited, if not today, then sometime in the future.

Organizations will need to take stock of the versions of internet technologies in use. If they do not have the latest versions in place, they should check which of the latest versions are the most stable and work with their IT departments/partners to implement them over the next few months. While this is happening, it will be good to have the right security tools in place and to perform continuous website security checks that provide regular security updates to the business owners. Here are some recommendations that will help achieve this:

      • Place a Web Application Firewall to block vulnerabilities, thus instantly protecting websites from attacks
      • Perform application security tests for web and mobile applications which will check for vulnerabilities and malware on a continuous basis
      • Have a strong encryption program using SSL
      • Conduct Vulnerability Assessments at least every quarter to understand the strength of your network to withstand attacks
      • Get regular application security and compliance audits done to check the overall security posture of the organization’s internet-facing assets

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.


Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.
