Application Security- Not Sufficient!
A study was recently conducted among 800 It executives which found that there is a huge difference between the perception of Security from the viewpoint of the developer and security professionals. Security professionals view the applications in a far more optimistic light- stating that they are secure enough, whilst developers say that their applications run in their enterprise are no way near secure enough.
For more information please go to:
Is application security the obvious weakness in your organization?
A survey conducted showed that most security professionals don’t prioritize application security- which is shocking considering SQL injection attacks are the main cause of data breaches!
A staggering 68% of developers from assorted organizations were the victims of at least one data breach in the past 2 years due to hacked or vulnerable applications. Despite this, most developers still are not giving adequate attention to their application security; a fact which has been extremely costly.
Internet Security is better but the hackers are much more sophisticated
There have been a few surprising improvements in internet security- the reduction in application vulnerabilities, code exploits and even spamming but these improvements have been met with an influx of more sophisticated attacks.
The results of the report were; a 50 % reduction in spam, higher quality application code and fewer exploits.
The bad side of the report was that shell command injection vulnerabilities have more than doubled. SQL injection attacks have always been an incredibly popular method of attack amongst hackers- where the hacker manipulates the database behind a website. Furthermore, poor passwords and password guessing is also on the rise, as is there an increase in phishing.
Microsoft leaked sample attack code to hackers
Microsoft hastens to warn users that a POC code which can exploit a critical vulnerability which involves RDP in windows has been mistakenly leaked.
The software giant warned users that ‘due to the attractiveness of this vulnerability to hackers, we anticipate that an exploit for code execution will be developed in the next 30 days’. March 16th, Microsoft researcher, Yunsun Wee informed the pubic that they should be aware of this unfortunate leak. He went on to explain that the details of the POC code appeared to match the information which was shared with the Microsoft active protections program, which suggests that one of the partners may have inadvertently or deliberately leaked the code.
Malicious Web Apps
Today web apps are much more convenient and universal than ever before therefore, Understanding the risks that can come with them are crucial.
A malicious Web app can appear as, a link in an email message or a poisonous add on trusted web sites and once you click it, it runs malicious code and slowly corrupts your system.
Can we protect ourselves? First of all, be aware of the danger and if there is ever a doubt, don’t click! Keep your security software up-to-date and enable automatic updates so that you can be protected from the latest malware
Hackers’ primary focus
Significant reduction in the amount of breaches that were found in Internet security threats as spam and software application code as cross-site scripting according to IBM’s X-Force security report for 2011. However, hackers are now focusing their interest in Mobile devices, social media and the cloud.
How to Secure Software
While security risks are rocking sky high, hackers are attacking at overwhelming rates and nearly a quarter of the security personnel experienced a data breach over the past 2 years. Organizations are still not establishing proper security remediation methods or showing an understanding of how an application security process should be developed.