    How to Fortify Your Holiday E-commerce AppSec Readiness

    Written by

    eWEEK EDITORS
    Published November 30, 2020

      The holiday shopping season is in full swing, which has been, and will continue to be, a much-welcome boon for many brands that have seen closed brick-and-mortar shops, lesser consumer traffic and reduced revenues for nearly three quarters due to COVID-19. 

      With the pandemic still very much a looming presence, e-commerce is the true catalyst for retailer success this holiday season. In fact, Deloitte predicts online spend to rise 25% to 35% year-over-year during this year’s holiday season. However, while this surge presents a valuable and lucrative opportunity for brands, malicious actors are viewing it in a similar fashion, being highly motivated to exploit holes in e-commerce platforms for financial gain. As we know all too well, one security misstep can impact revenues, not to mention long-term brand reputation. 

      According to Verizon’s 2020 Data Breach Investigations Report, vulnerable web apps are the main cause of retail data breaches, meaning brands would be wise to prioritize the security of their e-commerce apps and software to create a safer online shopping experience for their loyal consumers. So how can they go about doing so? 

      In this edition of eWEEK Data Points, Stephen Gates, Application Security Evangelist at Checkmarx, outlines five strategies that brands should act on now to shore up their application and software security throughout the holidays and beyond. 

      Data Point No. 1: Conduct predictive and consistent security scans 

      It’s no secret that retail has been in the midst of a massive digital shift over the past few years, driven by new software, applications and technologies. This has only been heightened by COVID-19. The overnight, mandatory shift to e-commerce has been jarring for many companies. Regardless of how strong brands’ online presences were before the events of this year, they have all been forced to fine-tune how they use web-based purchasing and mobile apps to engage customers and maintain business success.

      In order to capitalize on the holiday season and avoid falling victim to hackers, brands must keep security top of mind. For brands deploying new web and mobile applications for buyers, it’s imperative to perform early and regular static application security testing scans during software development. For those with e-commerce applications already in-market, regular security scans must be conducted on a predictive and consistent basis for each new application update while the software is being developed in-house, not after it has been deployed online.

      Data Point No. 2: Address open source now or pay later

      As brands roll out updates and enhancements to their existing e-commerce applications or deploy new ones in order to maintain a competitive advantage, it’s essential to manage their open source software risks when open-source libraries are in use within their home-grown retail applications. In the event that a vulnerability is discovered in open-source software a retailer is using, they must work quickly to patch that vulnerability or find a more secure option.

      Companies are not only responsible for their own security, but also that of their trusting customers. Since open-source libraries and components are likely in use in many e-commerce applications, software composition analysis is imperative to managing open source vulnerability risks, license risks and outdated libraries no longer being maintained by the developer community. It’s best to address open source usage during software development vs. paying fines and penalties for a breach caused by a vulnerable open source component down the line.
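      The three risk classes named above (a known vulnerability, a license outside policy, and a library nobody maintains any more) are what a software composition analysis pass reports on. The following is an added illustration, not code from eWEEK or Checkmarx: a minimal SCA check over a constructed dependency manifest, with invented package names, an invented advisory id, and a hand-built advisory/metadata feed standing in for what a real tool would pull from an advisory database and the package index.

```python
# Added example: minimal software composition analysis over a constructed
# dependency manifest. All package names, versions, advisory ids, licenses
# and release dates below are invented for illustration.
from datetime import date

def parse_version(v):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

# Constructed dependency manifest: (package, pinned version).
DEPENDENCIES = [("cart-lib", "2.4.1"), ("payment-sdk", "1.0.9"), ("legacy-xml", "0.3.0")]

# Constructed advisory feed: every version below "fixed" is affected.
ADVISORIES = {"payment-sdk": {"id": "EXAMPLE-ADV-001", "fixed": "1.1.0"}}

# Constructed package metadata: declared license and date of last release.
METADATA = {
    "cart-lib": {"license": "MIT", "last_release": date(2020, 9, 1)},
    "payment-sdk": {"license": "Apache-2.0", "last_release": date(2020, 10, 15)},
    "legacy-xml": {"license": "GPL-3.0", "last_release": date(2017, 2, 3)},
}

ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # constructed policy
STALE_AFTER_DAYS = 730  # no release in two years: treat as unmaintained

def analyze(deps, advisories, metadata, today):
    """Return (package, category, detail) findings for the three SCA risk
    classes named in the article: known vulnerability, license, staleness."""
    findings = []
    for name, version in deps:
        adv = advisories.get(name)
        if adv and parse_version(version) < parse_version(adv["fixed"]):
            findings.append((name, "vulnerable", f"{adv['id']}: upgrade to >= {adv['fixed']}"))
        meta = metadata.get(name)
        if meta is None:
            findings.append((name, "unknown", "no metadata available; cannot assess"))
            continue
        if meta["license"] not in ALLOWED_LICENSES:
            findings.append((name, "license", f"{meta['license']} is not on the allow-list"))
        if (today - meta["last_release"]).days > STALE_AFTER_DAYS:
            findings.append((name, "unmaintained", f"last release {meta['last_release']}"))
    return findings

def run_example():
    """Scan the constructed manifest as of the article's publication date."""
    return analyze(DEPENDENCIES, ADVISORIES, METADATA, date(2020, 11, 30))

if __name__ == "__main__":
    for package, category, detail in run_example():
        print(f"{package}: {category} ({detail})")
```

Wiring a check like this into the build, rather than running it after deployment, is what lets the finding block the release instead of becoming an incident.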

      Data Point No. 3: Analyze API risks

      Application programming interfaces (APIs) have rapidly become the technological backbone (so to speak) of nearly every application and piece of software. Backend APIs enable technology providers, manufacturers, suppliers, retailers and shippers to communicate and share data with one another, while consumers are unknowingly using APIs themselves when making purchases from mobile apps. As a result of the vast API consumption in e-commerce, the OWASP API Security Top 10 list of risks must be taken to heart by organizations that depend on APIs for their retail operations – which at this point is likely all of them.

      By nature, mobile apps using APIs often allow access to an abundance of data that can include personally identifiable information (PII) of customers, since APIs often rely on the mobile app itself to filter what the endpoint returns. Because of this, APIs and mobile apps have increasingly become one of the biggest targets for attackers. While API usage can often fly under the radar from a software security perspective, brands must take a microscope to their own API security approaches. At the same time, they must highly scrutinize their API integrations to ensure that third-party providers are employing the same security standards.
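      The pattern described above, where the API hands the mobile app a full record and trusts the app to hide the sensitive parts, is what the OWASP API Security Top 10 calls excessive data exposure, and it usually travels with a missing object-level authorization check. The following is an added illustration, not code from eWEEK or Checkmarx: a constructed customer-profile endpoint written both ways, with invented field names and roles, so the difference between client-side and server-side filtering is visible in the responses.

```python
# Added example: client-side filtering versus a server-side field allow-list.
# The customer record, field names and roles are constructed for illustration.

# Constructed customer store keyed by customer id.
CUSTOMERS = {
    42: {"id": 42, "name": "A. Shopper", "email": "a.shopper@example.invalid",
         "phone": "555-0100", "card_last4": "4242",
         "password_hash": "<placeholder-hash>", "loyalty_points": 120,
         "internal_fraud_score": 0.87},
}

class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""

def get_customer_insecure(customer_id, caller):
    """Vulnerable shape: the whole record leaves the API and the mobile app is
    expected to hide fields. Any authenticated caller can read any customer,
    and anyone who calls the API directly sees everything the app would hide."""
    return dict(CUSTOMERS[customer_id])

# Server-side response schemas: only these fields ever leave the API, and the
# choice depends on the caller's role, never on a field list sent by the client.
FIELDS_BY_ROLE = {
    "customer": ("id", "name", "email", "loyalty_points"),
    "support": ("id", "name", "email", "phone", "card_last4"),
}

def get_customer_secure(customer_id, caller):
    """Hardened shape: object-level authorization first, then an explicit
    allow-list of fields. Internal scoring and credential data are never
    in any schema, so they cannot leak through any role."""
    if caller["role"] == "customer" and caller["id"] != customer_id:
        raise Forbidden("customers may only read their own profile")
    record = CUSTOMERS[customer_id]
    return {field: record[field] for field in FIELDS_BY_ROLE[caller["role"]]}

def exposed_fields(customer_id, caller):
    """Fields the insecure handler returns that the secure one withholds; the
    kind of diff an API security review would put in front of the team."""
    return sorted(set(get_customer_insecure(customer_id, caller))
                  - set(get_customer_secure(customer_id, caller)))

if __name__ == "__main__":
    me = {"id": 42, "role": "customer"}
    print("secure response:", get_customer_secure(42, me))
    print("fields the app was trusted to hide:", exposed_fields(42, me))
```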

      Data Point No. 4: Ensure developer security awareness and training

      Security can no longer rest on the laurels of retailers’ IT departments, much like it also can’t fall solely on software developers or AppSec teams. If security is going to be effective, security awareness and training must become everyone’s responsibility, embedded throughout the organization and championed by the executive team and/or board of directors. With consumer demand skyrocketing as they currently shop almost exclusively through e-commerce channels, secure software development must be part of the bigger equation to preserve their privacy and hard-earned trust. 

      To improve software security overall, secure coding education for developers is needed more than ever before. Since many of the software vulnerabilities found in e-commerce applications (and elsewhere) tend to stem from repetitive coding errors that lead to vulnerable applications, having real-time, train-while-you-code training modules embedded into the tools developers use daily is a high priority.

      Data Point No. 5: Find more vulnerabilities during functional testing

      As brands move faster to keep pace with online consumer demand, they’re relying more on web-based applications that enable quick, efficient and secure sales of goods and services. In the past, most brick-and-mortar retailers focused on securing their in-store point-of-sale devices, Wi-Fi networks and internet perimeters. While this is still critical as part of the long-term security strategy, current circumstances require that equal, if not more, attention is shifted to securing online retail applications.

      Since online retailers fully understand that software must go through functional testing to ensure it works as intended for buyers, retailers can also take advantage of this testing process to add interactive application security testing designed to find vulnerabilities while applications are being tested for functionality, and when running in pre-deployment environments. This enables developers and AppSec teams to discover coding errors that could expose them to attacks not found during any other application security testing process.

      While the tips outlined above are geared toward brands themselves, consumers must remember that they carry equal responsibility when it comes to preserving their privacy and security during the holidays. As they rush to take advantage of lightning and flash sales and secure the hottest gifts of the season, consumers should ensure they’re shopping from trustworthy vendors and through reliable applications, and that they aren’t inadvertently purchasing an item with known, or potential, security flaws.

      Before clicking “buy,” they should ask themselves if this is really something they need, and if the convenience advantages for something like an IoT device outweigh the potential privacy disadvantages. 

      If you have a suggestion for an eWEEK Data Points article, email [email protected].
