According to the 2013 Data Breach Investigations Report, 76% of network intrusions exploited weak or stolen credentials and 29% leveraged social tactics to get the job done. These are worrying trends and must be combated with increased security awareness.
Not all malicious attacks can be avoided with basic safety tools. There is no substitute for proper SAST scanning followed by proper source code rewriting. But many elementary and often overlooked safety precautions can help you guard your work environment more effectively.
1 – Revise and Enforce Password Policies
Weak password practice is probably the most common opening that invites hackers into databases and applications. Users often don’t change the default passwords they receive when starting new jobs, leaving the door open to attackers. Employers should also promote the use of strong passwords and encourage workers to change their passwords frequently.
2 – Install Windows Updates and Configure Firewalls
Windows security updates are rolled out by Microsoft on a monthly basis, but many users tend to ignore the notifications or even turn them off at times. This is a grave mistake that leaves huge loopholes in office systems. Administrators should also make sure that all firewalls are configured to suit their organization’s traffic.
3 – Delete Comments in Source Code
Many developers like to use comments while writing source code. This makes their work easier and tidier, but there is also a downside to this feature. Attackers who gain access to commented source code can find numerous hints and tips to make their job easier. Hence, it’s highly recommended to delete comments from all final source code.
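One way to apply this tip to Python files, as an added example that is not part of the original post or of any Checkmarx tooling: it uses the standard-library tokenizer, so a `#` inside a string literal is left alone while real comments are removed. `SAMPLE`, `HINTS`, `strip_comments` and `flag_hints` are names made up for this illustration, and the keyword list is an assumption.

```python
import io
import tokenize

# Constructed sample input (not from the original post). The '#' inside the
# string literal must survive; the three real comments must not.
SAMPLE = '''\
# TODO: remove the debug bypass before go-live
def login(user, password):
    banner = "Ticket #4521"  # admin check is skipped on the staging host
    return check(user, password)  # delegate to the auth service
'''

# Assumed keyword list for comments worth a second look before release.
HINTS = ("todo", "fixme", "password", "bypass", "debug", "admin")


def strip_comments(source):
    """Return (cleaned_source, removed) where removed is [(line_no, text)]."""
    lines = source.splitlines(keepends=True)
    removed = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.COMMENT:
            continue
        row, col = tok.start
        if row == 1 and tok.string.startswith("#!"):
            continue  # keep a shebang line, the interpreter needs it
        line = lines[row - 1]
        ending = line[len(line.rstrip("\r\n")):]
        # A comment always runs to the end of its line, so cut at its column.
        lines[row - 1] = line[:col].rstrip() + ending
        removed.append((row, tok.string))
    return "".join(lines), removed


def flag_hints(removed):
    """Pick out the removed comments that contain one of the HINTS words."""
    return [(n, text) for n, text in removed
            if any(h in text.lower() for h in HINTS)]


if __name__ == "__main__":
    cleaned, removed = strip_comments(SAMPLE)
    print(cleaned)
    for line_no, text in flag_hints(removed):
        print(f"line {line_no}: {text}")
```

Line numbers are preserved in the cleaned output, so stack traces from the released build still map back to the commented source kept in version control.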
4 – Use Fake Personal Data and Avoid Daisy-Chaining Accounts
Websites today ask for personal information when you sign up for their services. These details are good for data and password retrieval, but also serve as good leads when attackers are assaulting your computer. Using fake information is a good solution for this problem. It’s also highly recommended not to daisy-chain accounts from different websites.
5 – Avoid Email Phishing Scams
Emails are probably the most common way to create interaction with end-user computers. Workers should simply ignore emails from unknown sources. Clicking on hyperlinks in emails is also not a good idea, as it can trigger malicious code. Such links should be manually retyped into the browser for safe surfing.
As mentioned earlier, static source code scanning is the best way to secure your website and professional cyberspace. Finding loopholes and vulnerabilities is a vital part of any internet security strategy. But minor attacks can be stopped or at least delayed by simply using the tools that every company has at its disposal. Practice and protect.