What’s HOT in Application Security Vol#10

Apr 30, 2012 By Administrator

What’s Wrong with the Public Sector?

They’re failing OWASP Top 10!

OWASP Top 10, the bible of web application vulnerabilities and the benchmark list that most organizations should be going by; who is its worst pupil? The Public Sector.

According to a report released by an American security company, a staggering 84% of public-sector organizations did not pass the guidelines set out in the OWASP Top 10. They didn’t do much better when measured against the SANS 25 either, with a worrying 63% failure rate.

How can governments and other public companies hold private companies to higher standards than themselves?

For more information please go to:

http://www.scmagazine.com.au/News/298724,public-sector-orgs-flunk-owasp-top-10.aspx

Hacking Group Anonymous Pull the Latest Bunny From their Hat 


Automation tools are the latest in a string of state-of-the-art ways of testing for new vulnerabilities. The problem is that they are equally dangerous in the hands of the hackers who are exploiting them.

When it comes to online exploitation, automation is the latest and greatest. Automated tools can be used to hunt for the newest SQL Injection flaws and to mount LFI/RFI attacks at scale.

Automated tools differ greatly from the traditional directed attack: they launch large volumes of requests over a short period of time, and that very signature (many probes from one source in a small window) is attack intelligence that can be used to detect these attacks while they are still in progress.
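As an added illustration of that detection idea (this is example code, not part of the original post), the script below parses a few constructed web-server access-log lines, marks requests that carry typical SQL Injection or LFI/RFI probe markers, and flags any source that sends several such probes within a short sliding window. The log lines, hosts, thresholds and the probe patterns are assumptions chosen for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed sample log in Apache common-log style (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [30/Apr/2012:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512
10.0.0.5 - - [30/Apr/2012:10:00:01 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 120
10.0.0.5 - - [30/Apr/2012:10:00:02 +0000] "GET /index.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 500 120
10.0.0.5 - - [30/Apr/2012:10:00:02 +0000] "GET /page.php?file=../../etc/passwd HTTP/1.1" 404 90
10.0.0.5 - - [30/Apr/2012:10:00:03 +0000] "GET /page.php?file=http://files.example/x.txt HTTP/1.1" 404 90
192.168.1.9 - - [30/Apr/2012:10:00:05 +0000] "GET /index.php?id=2 HTTP/1.1" 200 512
192.168.1.9 - - [30/Apr/2012:10:05:00 +0000] "GET /page.php?file=../secret HTTP/1.1" 404 90
"""

# source, timestamp, request path, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+) [^"]*" (\d{3})')
# Assumed probe markers: SQLi (quote, UNION SELECT), LFI (../), RFI (=http://).
PROBE_RE = re.compile(r"(union\s+select|'|\.\./|=https?://)", re.I)


def parse_line(line):
    """Return (source, datetime, decoded path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return src, when, unquote(path), int(status)


def find_bursts(log_text, window=10, threshold=3):
    """Map each source that sent >= threshold probe-like requests inside any
    `window`-second span to the largest such probe count seen."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and PROBE_RE.search(rec[2]):
            probes[rec[0]].append(rec[1])
    flagged = {}
    for src, times in probes.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = max(flagged.get(src, 0), end - start + 1)
    return flagged


if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

A single decoded `../` from 192.168.1.9 is not enough to trip the threshold, whereas 10.0.0.5 fires four different probes in two seconds and is reported.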

Google put their money where their mouth is

Web Giant Google is offering a cool $20,000 for any serious web vulnerability or bug discovered.

The search team at the company has set up a payment scheme whereby the discoverers of such flaws will be handsomely rewarded. An SQL Injection is worth $10,000, whereas other flaws are worth around $3,000 depending on impact.

So far the internet company has paid out nearly half a million dollars in rewards since it started offering money for discovered flaws back in 2010.

Google aren’t the only ones out there offering financial rewards; most financial companies have followed suit, as have Facebook, Mozilla and others. Microsoft hasn’t, as of yet, put its money where its mouth is; they’ve got a massive amount of the green stuff but an equally massive amount of security flaws.

For more information please go to:

http://www.theregister.co.uk/2012/04/24/google_ups_bug_bounty

Mobile malware increasingly delivered via social networks

Hackers are now exploiting the faith you put in your social network. Twitter and Facebook users are expected to reach the 1 billion mark this year. Currently 300 million Android phones are in use, and more than 850,000 are added every day! Malware and other security threats are increasingly using your mobile phone to reach sensitive data, and with potentially hundreds of millions of vulnerable users it’s time to ask whether you’ve put your faith in a false prophet.

http://www.net-security.org/malware_news.php?id=2085

A bit of an offensive approach

It seems as though companies are just standing around waiting to be attacked. Firms must become more aggressive: put together a serious team that will gather intelligence, model dangers, explore the landscape, draw conclusions from actual attacks and stay aware of the ongoing threats. The first step in this process has to be accepting that we’re in the midst of a cyber-war, that we are constantly being attacked, and just how vulnerable the organisation really is.

For more information please go to:

http://www.informationweek.com/news/security/management/232900936cid=SBX_iwk_related_news_Security_administration%2Fmanagement&itc=SBX_iwk_related_news_Security_administration%2Fmanagement

Vulnerability of wireless medical devices

A study showed that over the past few years far too many wireless medical devices have been susceptible to security breaches. Security researcher Jeremy Radcliffe demonstrated, in a matter of minutes, just how easy it is to hack into a medical device.

There’s no reason to add security risks to already suffering patients. These devices should have built-in features that prevent exploitation.

http://www.informationweek.com/news/healthcare/security-privacy/232900818
