What’s HOT In Application Security Vol #14

Are Chinese Hackers threatening the US economy using malware?

According to a McClatchy-Tribune report this month “Chinese attempts to collect U.S. technological and economic information will continue at a high level and will represent a growing and persistent threat to U.S. economic security.” The FBI, Department of Homeland Security and the Justice Department’s national security division have raised concerns in granting an international service license to China Mobile, making it easier for China to spy on the U.S. or steal intellectual property from U.S. companies.

Cyber-security must gain consciousness amongst the public; a survey found that the nation’s Internet security awareness had fallen 35 points since last year. That means Americans went from being “seriously concerned” about cyber threats to “moderately concerned.” Unfortunately, this deterioration appears at a time when malware targeting the mobile devices used to access the Web is soaring.

http://asiasociety.org/policy/strategic-challenges/china-and-cyber-espionage

iOS Application Security

Over the past year there has been a large increase in downloads of applications from Apple’s App Store that allow users to easily send and receive money. Gartner predicts that by 2014 there will be more than 70 billion mobile application downloads each year.

Understanding this, we would expect concurrent growth in security concern, or at least for it to be a top priority. Surprisingly, the results of a small survey held amongst 200 developers showed that security was placed at the bottom of their priority list, after functions and features as specified or envisioned, performance, usability, uptime and maintainability.

http://blog.spiderlabs.com/2012/05/ios-application-security-top-50-free-ipad-apps-the-view-from-the-top-isnt-much-better-part-1-of-2.html

SQL Injection Vulnerability a major setback for Ruby on Rails

The developers of Ruby on Rails successfully identified a big vulnerability that allowed attackers to execute SQL commands on the database server. An SQL Injection attack can prompt the database to cough up sensitive information or allow the hacker to read unauthorized information.
The vulnerability exists in a few of their versions and was only exposed when using nested query parameters.
A further weakness with query generation was also found.
For more information please go to:
http://www.h-online.com/open/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html

Most effective software security method

According to the Verizon 2012 Data Breach Investigations Report, more than 1 billion records have been compromised due to breaches, and only eight percent of breaches were discovered internally. The recommended method of preventing vulnerabilities is to integrate a secure coding tool into the software development life cycle (SDLC) process. Many organizations that focus on improving software security, such as OWASP, agree that static and dynamic application testing is the most effective process, preventing over 90 percent of the problems.

http://midsizeinsider.com/en-us/article/coding-security-into-applications-surve

Anonymous Claims Attack on Facebook

PC World is taking responsibility for whatever it was that went wrong this past Thursday evening and early Friday morning, preventing users from accessing their Facebook accounts. Users were asked to re-enter their credentials a number of times, packets were being lost at Facebook locations all around the globe, and checkpoints were unavailable in San Francisco and Moscow. During the service disruptions an unknown host message was posted to the YourAnonNews Twitter account, which read: “Oh yeah… RIP Facebook a new sound of tango down bi….s”.

http://www.cio.com/article/707464/Anonymous_Claims_Attack_on_Facebook?taxonomyId=3089

Undergrad student responsible for Univ. of Nebraska breach

Despite the increased vigilance against cyber-attacks, breaches continue to be relatively common, particularly amongst universities. An undergraduate student is responsible for breaking into a university database and revealing the information of over 650,000 students, parents and employees. The system, which was built over a three-year period at a cost of $29.9 million, is based on Oracle’s PeopleSoft Enterprise Campus Solution platform. This system is currently being used by more than 800 universities in 20 different countries. Earlier this year, personal records of approximately 350,000 students at the University were exposed and accessible over the Internet because of a system misconfiguration.

http://www.csoonline.com/article/707432/undergrad-suspected-in-massive-univ.-of-nebraska-breach