Why do secure web applications matter?
A secure web application matters for a lot of reasons. Primarily, if a web application is lacking in security, its brand image will suffer. It is a matter of trust. There are two primary reasons why secure web applications matter:
A web application is available 24/7, 365 days a year (366 days in a leap year). There is absolutely no margin for error. A security risk means downtime, even if no breach has been made.
By nature, a web application is expected to work every time, anytime.
An example of this is Wunderlist, an application that I frequently used. Due to the recent Heartbleed security risk, it had to take down its services for a few hours. As it happened, those hours fell during the time I wanted to use the application. Suddenly being logged out of the application is not a very good feeling.
Luckily, in these connected times, I can check Twitter or their blog for the status of the application. So, once I found out that the application was down due to a fix on AWS for the Heartbleed security risk, I could tolerate the downtime.
But imagine if this were a business application: the pressure would be huge. Imagine a banking application that is down during the day. No transactions can be made, so the bank risks losing a lot of money. Not a very good sight.
2. Data breach
In consumer-oriented web applications, a lot of users use the same username and password for all their applications. So a compromise in one web application exposes the user's accounts on other applications, such as Facebook, Twitter, etc.
While the fault is partly on the user for using the same combination of username and password for all their web-based applications, consumers are going to be angry. After all, it is not fun to change the username and password for all their web-based applications.
Then there is also the risk of users' credit card data being stolen, which is a whole lot more important than a username and password, because a credit card has monetary value.
Those two reasons actually translate to one thing: TRUST.
By having a secure web application, the application is going to be trusted. Trust equals great customer value. People are going to recommend applications they trust.
So, have you secured your web application?