What’s HOT in Application Security Vol #29

More than half of all companies experienced a security breach in the past year and a half

More than half of all companies in the world experienced some kind of security breach in the past 18 months, a worrying statistic given the level of damage a security breach can do to a company. The statement comes from a report released last week, dubbed the “Software Security Risk Report”.

The report contained a variety of findings, some obvious and some quite surprising.

1- These security breaches do not come cheap. Around 18 percent of all breaches observed in the report cost more than $500,000 and around 8% were valued at more than $1,000,000. Two companies studied had losses which came to more than ten million dollars.

2- Around 72% of all breaches came from companies that said they did not allocate and spend enough money on security software.

3- Companies are not securing their applications within the development stage. Only 17% of all companies examined actually scanned their code within the development stage, which goes against almost all recommended guidelines for good web application security.

4- Developers struggle with the tools they already have in place. Many of the companies studied showed that the current security tools they have are not properly integrated with their current systems and are therefore not used correctly.

For more information please go to:
http://www.heraldonline.com/2012/09/18/4270644/alert-logic-state-of-cloud-security.html

New exploit found in Internet Explorer

Hackers recently published new exploit code for Internet Explorer. Microsoft’s security experts say that the exploit stems from a problem in the way Internet Explorer handles CSS style sheets.

Microsoft is working round the clock to try to figure out a way to overcome this vulnerability, but in the meantime, Dave Forstrom, director of trustworthy computing at Microsoft, stated, “given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack our customers may increase.”

For more information please go to:
http://krebsonsecurity.com/2010/12/exploit-published-for-new-internet-explorer-flaw/

The commitment to Web Application Security needs to be continual

Web applications are still the most common attack vector, with hacking as a whole on the increase and hacking of web applications at an all-time high. Modern-day hackers are choosing uncommon victims; sometimes it seems as if the targets are random and that virtually no data is safe. Complicated technologies, the increasing adoption of Web 2.0 and the extremely powerful features found in the recent HTML, HTML 5, have actually made things easier for criminal hackers and worse for organizations. Whatever was safe today might not be safe tomorrow. As we’ve written several times before on this blog, the consequences of poor web application security are quite severe and often go way beyond the web server or bank account.

The world of hacking is an ever-changing environment where new and different types of vulnerabilities are discovered on a daily basis. These vulnerabilities can be shared at lightning speed with other hackers, so a vulnerability might have been discovered only ten minutes ago but already exploited thousands of times during that period, not affording the organization adequate time to figure out a patch. Web application security has to be considered at the most basic level of development, as fixing the vulnerability later on is much more time-consuming and hits the budget much harder.

For more information please go to:
http://www.heraldonline.com/2012/09/05/4236143/web-application-security-is-an.html#storylink=cpy