What’s HOT in Application Security Vol#6

Mar 26, 2012 By Administrator

Application Security- Not Sufficient!Application Security News

A study was recently conducted among 800 It executives which found that there is a huge difference between the perception of Security from the viewpoint of the developer and security professionals. Security professionals view the applications in a far more optimistic light- stating that they are secure enough, whilst developers say that their applications run in their enterprise are no way near secure enough.

For more information please go to:
http://www.itworld.com/security/260368/developers-say-application-security-lacking

Is application security the obvious weakness in your organization?

A survey conducted showed that most security professionals don’t prioritize application security- which is shocking considering SQL injection attacks are the main cause of data breaches!

A staggering 68% of developers from assorted organizations were the victims of at least one data breach in the past 2 years due to hacked or vulnerable applications. Despite this, most developers still are not giving adequate attention to their application security; a fact which has been extremely costly.

http://www.pcadvisor.co.uk/news/security/3346675/is-application-security-glaring-hole-in-your-defense/

Internet Security is better but the hackers are much more sophisticated

There have been a few surprising improvements in internet security- the reduction in application vulnerabilities, code exploits and even spamming but these improvements have been met with an influx of more sophisticated attacks.

The results of the report were; a 50 % reduction in spam, higher quality application code and fewer exploits.
The bad side of the report was that shell command injection vulnerabilities have more than doubled. SQL injection attacks have always been an incredibly popular method of attack amongst hackers- where the hacker manipulates the database behind a website. Furthermore, poor passwords and password guessing is also on the rise, as is there an increase in phishing.

http://www.itworld.com/security/260368/developers-say-application-security-lacking

Microsoft leaked sample attack code to hackers

Microsoft hastens to warn users that a POC code which can exploit a critical vulnerability which involves RDP in windows has been mistakenly leaked.
The software giant warned users that ‘due to the attractiveness of this vulnerability to hackers, we anticipate that an exploit for code execution will be developed in the next 30 days’. March 16th, Microsoft researcher, Yunsun Wee informed the pubic that they should be aware of this unfortunate leak. He went on to explain that the details of the POC code appeared to match the information which was shared with the Microsoft active protections program, which suggests that one of the partners may have inadvertently or deliberately leaked the code.

http://www.infosecurity-magazine.com/view/24652/microsoft-says-sample-attack-code-leaked-to-hackers/

Malicious Web Apps

Today web apps are much more convenient and universal than ever before therefore, Understanding the risks that can come with them are crucial.
A malicious Web app can appear as, a link in an email message or a poisonous add on trusted web sites and once you click it, it runs malicious code and slowly corrupts your system.
Can we protect ourselves? First of all, be aware of the danger and if there is ever a doubt, don’t click! Keep your security software up-to-date and enable automatic updates so that you can be protected from the latest malware

http://www.pcworld.com/businesscenter/article/251995/malicious_web_apps_how_to_spot_them_how_to_beat_them.html

Hackers’ primary focus

Significant reduction in the amount of breaches that were found in Internet security threats as spam and software application code as cross-site scripting according to IBM’s X-Force security report for 2011. However, hackers are now focusing their interest in Mobile devices, social media and the cloud.

http://www.cioinsight.com/c/a/Latest-News/IBM-Security-Improving-but-CyberCriminals-Are-Adapting-757749/

How to Secure Software

While security risks are rocking sky high, hackers are attacking at overwhelming rates and nearly a quarter of the security personnel experienced a data breach over the past 2 years. Organizations are still not establishing proper security remediation methods or showing an understanding of how an application security process should be developed.

http://www.marketwatch.com/story/groundbreaking-application-security-maturity-study-from-ponemon-institute-reveals-that-organizations-are-unsure-how-to-secure-their-software-2012-03-20

The following two tabs change content below.

Administrator

Latest posts by Administrator (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.