What’s HOT in Application Security Vol#13

May 21, 2012 By Administrator

The High Price of Web Application Security

What is the true cost of web application security? One CISO might say, ‘My entire security solution cost me $40,000’; another might quote a higher price; but many companies will simply answer, ‘What is the cost of no application security?’

How would you react if you found out that your bank left its doors open at night, with no locks on the safes and no security guards? What would you do if you found out that a bookshop was printing your credit card number and leaving it lying around the store? Would you continue to shop there? When a company does not provide adequate web application security, it is effectively leaving the door open to predators. An organization that acts recklessly with your personal information is one that will lose its credibility, fast.

A recent study of the Sony breach found that it cost the company an astonishing $171 million in direct costs. This figure is astounding, even measured against the huge success of the organization. The study then went on to estimate the indirect costs of the breach, which generally stem from customers’ loss of confidence, at $341 million. In 2010 other companies had to shell out an average of $7.2 million per data breach; a cost many times greater than what it would have taken to secure their web applications sufficiently.

For more information please go to:
http://www.informationweek.com/news/security/attacks/229402895

What are the worst data security breaches of all time?

Pretty much since the inception of the internet we have experienced an inordinate number of security breaches. These breaches have all differed in nature, size, cause and solution. This is a list of the worst security breaches of all time.

-Gawker Media- December 2010
One of the most obvious targets for hackers is online forums and blogs. Generally speaking, their security isn’t comparable to that of other commercial service providers, and a level of hysteria is created when such a breach occurs. The attack in 2010 exposed the e-mail addresses and passwords of millions of blog users worldwide.

-T.J Maxx and Marshalls
In this particular breach, the hackers managed to acquire over 45 million credit and debit card numbers. These cards were stolen from the US department store giants T.J Maxx and Marshalls. The hacker ended up paying a high price too: his freedom. This data breach cost him 20 years in a federal prison, a hefty sum for a cyber-criminal, but the department stores paid the highest price: their reputation.

-UK Revenue & Customs- Nov 2007
This breach is not strictly an information security breach, although it does fall under the jurisdiction of an information data crime. In 2007, the personal data of 25 million British citizens, stored on CDs, was misplaced. A similar situation was observed in the US when the social security numbers of 26.5 million US veterans were stolen from a simple laptop!

-Google, Mid 2009
Astonishingly, this attack, which occurred in 2009, was not perpetrated by thieves looking for sensitive financial data but by the Chinese government! The Chinese government launched this attack against Google and other Silicon Valley companies in an attempt to get its hands on information about Chinese human rights activists, but as more information emerged, it appeared to be a simple case of industrial espionage.

It wasn’t disclosed to the general public exactly what data was compromised, but Google announced that some of its intellectual property had been illegally acquired and that, in retaliation, it would no longer continue relations in China.

For more information on IT Security breaches please go to:
http://news.yahoo.com/blogs/technology-blog/5-worst-digital-security-breaches-time-231258611.html

Small Businesses are the biggest victims

Big businesses have a couple of critical advantages over small and medium ones with regard to IT security. The first is resources and capital; it’s no secret that purchasing and maintaining a secure enterprise is not without its costs. According to a 2011 Cost of Data Breach Study, a breach is obviously considerably more expensive than simply taking the time to secure your applications correctly, let alone the ramifications and other damages that come along with it. There’s no cheap way out of IT security; however, by implementing “good cyber hygiene”, 85% of security risks can be eliminated.

http://www.csoonline.com/article/706419/thwarted-by-security-at-enterprises-cyber-criminals-target-smbs

Japan Signs Information Security Agreement With Australia

Australian Prime Minister Julia Gillard called Japan her nation’s “closest partner in Asia” during a visit in April 2011.

This agreement is clearly set out to strengthen security ties between these two neighboring nations and will also enable the two countries to share data more freely with the U.S.

http://www.channelnewsasia.com/stories/afp_asiapacific/view/1201932/1/.html

Information security needs fresh approach

It’s obvious that many vendors are inefficient at dealing with security vulnerabilities, but it has now been discovered that many companies don’t even know when security breaches occur. According to Haroon Meer, founder of and researcher at Thinkst Applied, the security industry is using old technology and methodologies to try to address new security threats. The days of blacklisting are long gone; users should turn to white-listing. Blacklisting can only point out a malicious piece of code once the attack has already happened. Looked at in a positive light, it’s still better than nothing, but it is still negligent not to use both methods.

http://www.itweb.co.za/index.php?option=com_content&view=article&id=54466
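To make the blacklist-versus-whitelist argument above concrete, here is an added example (not from the article or from Thinkst) that checks one web-form field both ways: a denylist of known-bad patterns, which passes anything it has never seen, and an allowlist grammar, which rejects anything outside the permitted shape. The regexes, the sample inputs and the field name are assumptions constructed for this illustration.

```python
from __future__ import annotations
import re

# Added example (not from the article): the same form field checked by a
# denylist ("blacklist") and by an allowlist ("whitelist"), to show why the
# article recommends keeping both. Inputs below are constructed for this demo.

# Denylist: patterns already seen in past attacks. It can only name the known.
DENYLIST = [re.compile(r"<script", re.IGNORECASE),
            re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE)]

# Allowlist: the only shape a username may take; anything else is rejected,
# whether or not it has been seen before.
USERNAME_ALLOWED = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def denylist_passes(value: str) -> bool:
    """True when no known-bad pattern matches. Unseen patterns slip through."""
    return not any(p.search(value) for p in DENYLIST)


def allowlist_passes(value: str) -> bool:
    """True only when the whole value matches the permitted grammar."""
    return USERNAME_ALLOWED.fullmatch(value) is not None


def validate_username(value: str) -> tuple[bool, str]:
    """Allowlist decides acceptance; a denylist hit is kept as a detection
    signal (e.g. for logging) rather than being the sole gate."""
    if allowlist_passes(value):
        return True, "accepted"
    if not denylist_passes(value):
        return False, "rejected: known-bad pattern (log as probable attack)"
    return False, "rejected: outside permitted grammar"


# Constructed inputs: one ordinary name, one known-bad string, and one
# unlisted string that only the allowlist catches.
SAMPLES = ["alice_01", "<script>x", "bob<b>"]


def compare(values: list[str] = SAMPLES) -> dict[str, tuple[bool, bool]]:
    """For each input: (denylist result, allowlist result), True = passes."""
    return {v: (denylist_passes(v), allowlist_passes(v)) for v in values}


if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in compare().items():
        print(f"{name!r:14} denylist={'pass' if deny_ok else 'BLOCK':5} "
              f"allowlist={'pass' if allow_ok else 'BLOCK':5} "
              f"-> {validate_username(name)[1]}")
```

The third sample is the point of the article: the denylist lets it through because nobody has listed it yet, while the allowlist blocks it without needing to know it, and the denylist hit on the second sample still gives you something worth logging.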
