
Embedding Development Security
New applications are released every day with vulnerabilities?
Fast coding and agile development have raised expectations of delivering new applications quickly, but in turn this has led to an increase in vulnerabilities. Independent reports have also highlighted the cost of leaving remediation towards the end of the development lifecycle. The latest breaches reported in the press have come from criminal hackers targeting employees and tricking them into activating customised malware, which means that the firewall, anti-virus and application gateways are ineffective. The last defence and best protection is to manage the vulnerabilities in the application. Therefore, security programme activities need to be scheduled during the application development lifecycle and version updates.
Protect your applications
CIPHER Intelligence Labs continue to pick up the same common errors: Cross-Site Request Forgery (CSRF), improper error and session handling, as well as basic Cross-Site Scripting (XSS) and SQL injection vulnerabilities. In addition, CIPHER consultants find that new applications may not have considered regulations and industry standards, for example by using Card Holder Data (CHD) for indexing, which leads to compliance issues.
