OWASP SAMM recommendation #1: best-effort patching

technical · 1 year ago · 1 minute read
Author: Olivier Sels

Do you practice best-effort patching? This is our #1 recommendation to increase Application Security based on the OWASP SAMM model. The practice requires relatively little effort to implement, and omitting it all but guarantees that your app will get exploited sooner rather than later.

[Figure: diagram of the best-effort patching process]

Best-effort patching

Best-effort patching essentially requires you to do two things:

  • Keep a list of applications and third-party components with version information.
  • Regularly review public sources for vulnerabilities and update affected components.

Note that this practice does not talk about automation or managed processes for patching. The OWASP SAMM model is meant for organizations of all sizes. For smaller organizations, having a manual patching process is already a big improvement from having no patch process at all.
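The two activities above translate directly into a small, manual-friendly routine: keep an inventory of components with versions, then compare that inventory against published advisories and list what must be updated. The script below is an added example, not code from the original post or from Secuma; the inventory entries, advisory identifiers (`EXAMPLE-ADV-...`), component names and versions are all constructed for illustration and do not refer to any real product or advisory.

```python
"""Best-effort patching check: inventory of components + review against advisories.

Added example with constructed data. The inventory, advisory ids and version
numbers below are made up and do not describe real software or real advisories.
"""
import re

# Constructed component inventory: one row per (application, third-party component).
INVENTORY = [
    {"app": "webshop", "component": "example-json-lib", "version": "2.2.9"},
    {"app": "webshop", "component": "example-http-server", "version": "1.8.0"},
    {"app": "billing", "component": "example-json-lib", "version": "2.3.1"},
]

# Constructed advisories gathered from a "public source": every version below
# fixed_in is treated as affected.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "component": "example-json-lib", "fixed_in": "2.3.1"},
    {"id": "EXAMPLE-ADV-0002", "component": "example-http-server", "fixed_in": "1.8.2"},
]


def parse_version(version):
    """Turn a dotted version string into a tuple of ints so it compares numerically.

    Only the leading digits of each segment are used, so "1.10.0" > "1.9.0" holds,
    but pre-release suffixes such as "-rc1" are ignored (a known simplification).
    """
    parts = []
    for segment in version.split("."):
        match = re.match(r"\d+", segment)
        if match is None:
            raise ValueError(f"unparseable version segment {segment!r} in {version!r}")
        parts.append(int(match.group()))
    return tuple(parts)


def is_vulnerable(installed, fixed_in):
    """True when the installed version is older than the version that fixes the issue."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    # Pad with zeros so "2.3" and "2.3.0" compare as equal rather than as older.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_affected(inventory, advisories):
    """Cross the inventory with the advisories and return the components that need an update."""
    findings = []
    for entry in inventory:
        for adv in advisories:
            if adv["component"] != entry["component"]:
                continue
            if is_vulnerable(entry["version"], adv["fixed_in"]):
                findings.append({
                    "app": entry["app"],
                    "component": entry["component"],
                    "installed": entry["version"],
                    "advisory": adv["id"],
                    "update_to": adv["fixed_in"],
                })
    return findings


def report(findings):
    """Render the findings as the short to-do list a manual patching round works from."""
    if not findings:
        return "No affected components; inventory is up to date."
    lines = [f"{len(findings)} component(s) need patching:"]
    for f in findings:
        lines.append(
            f"  [{f['advisory']}] {f['app']}: {f['component']} {f['installed']} -> update to {f['update_to']}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_affected(INVENTORY, ADVISORIES)))
```

The value of the routine lies in the inventory, not in the comparison logic: without version information per application, an advisory cannot be mapped to anything, which is why the first bullet comes before the second. Numeric version ordering is deliberately simple here; package ecosystems have their own ordering rules (pre-release tags, epochs, build metadata), so a production check should use the ecosystem's own version library and its advisory database rather than this tuple comparison.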

Next steps

Of course, you already knew patching was important, and you're probably already doing this today. That's why our next post will talk about basic data protection, something almost every business is required by law to do, but many don't do correctly.

In the meantime, you can always perform a full OWASP SAMM assessment to see how your business can improve its Application Security. We developed a tool for it.
And be sure to follow our LinkedIn page to learn our newest recommendations to improve Application Security.

