Dimension Data's Ng said that of the 12,000 Web applications recently scanned, the Web App Consortium showed that 15% can be easily compromised using automatic scanning tools. About 6,000 Web sites are also suffering from medium to high vulnerabilities.
"This shows that most enterprises' applications may contain Web application vulnerabilities that they don't recognize," he warned. "If your organization is not doing regular testing of your application and your development team relies only on 3rd party vendors, I'd recommend a study of your Web development practice and procedures."
OWASP assists companies in detecting attacks in various databases and helps them understand what devices or tools they need to deploy to protect their Web applications from DDoS attacks, according to Anthony Lai, chairman of the OWASP Hong Kong Chapter.
"The problem with Hong Kong companies is that they don't know what a secure application is, because of the lack of standards in developing Web applications; risk management is also not strictly implemented," Lai said. "OWASP can help in this area since we've been promoting Web security for almost a decade now."
He added that the basic principle is that every Web application should be developed to be as secure as possible. This is because the later a vulnerability is detected in the life cycle of a Web application, the greater the risk of a successful attack, and often also the greater the amount of work involved in correcting the issue.