Application weaknesses double as networks tighten up

By Joy Persaud
Jul 28, 2008 10:38 AM
An analysis of 100 security tests carried out over the past five years shows that application-level weaknesses are up by 50 percent.

Security services provider Orthus conducted the baseline security tests, covering both the network and application layers, beginning in 2004. The tests were carried out in industry sectors such as banking, insurance, finance, retail, manufacturing, transport, utilities, health and education.

The study revealed nearly 2,000 vulnerabilities. At least one security vulnerability was found at the network level in all tests and in 97 percent of the tests, at least one vulnerability was found at the application level.

Network layer weaknesses, however, had dropped from an average of 14 per test in 2004 to an average of six per test during tests carried out in 2008, representing a drop of 57 percent. This contrasted with the rise in application level weaknesses from eight per test in 2004 to 12 per test in 2008 – a rise of 50 percent.

Other worrying findings include a 25 percent increase in SQL injection and related weaknesses, while cross-site scripting vulnerabilities climbed by 23 percent.
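The two vulnerability classes the study singles out, shown side by side with their fixes as an added example (this code is not from the Orthus study or the article): a login query built by string concatenation beside a parameterized one, and a greeting reflected into HTML without and with entity encoding. The user table, the `login_*` and `render_greeting_*` function names and the payloads are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the study).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def _db():
    """Fresh in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(name, password):
    """SQL injection: user input is spliced into the statement text.

    A password of  ' OR '1'='1  turns the WHERE clause into
    (name = 'alice' AND password = '') OR '1'='1', which matches every row.
    """
    conn = _db()
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    rows = conn.execute(sql).fetchall()
    conn.close()
    return [r[0] for r in rows]


def login_parameterized(name, password):
    """Fix: bound parameters keep input as data; it never becomes SQL."""
    conn = _db()
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchall()
    conn.close()
    return [r[0] for r in rows]


def render_greeting_vulnerable(name):
    """Cross-site scripting: input is reflected verbatim into the page."""
    return "<p>Hello, %s</p>" % name


def render_greeting_escaped(name):
    """Fix: entity-encode <, >, &, " and ' before placing input in HTML."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print("vulnerable login  :", login_vulnerable("alice", payload))
    print("parameterized     :", login_parameterized("alice", payload))
    xss = "<script>alert(1)</script>"
    print("vulnerable render :", render_greeting_vulnerable(xss))
    print("escaped render    :", render_greeting_escaped(xss))
```

The vulnerable login returns both users for the injected password while the parameterized one returns none; the escaped renderer emits the payload as inert text. Both fixes are mechanical, which is the point of the secure coding guidelines the article goes on to recommend.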

Richard Hollis, managing director of Orthus, said: “Security teams are getting better at eradicating network and operating system related issues, but the application layer is less well addressed.

Companies need to adopt secure coding guidelines as part of a comprehensive secure software development lifecycle. It can be done. The three percent of applications that were extremely well-written and configured when tested are proof of that.”

He recommended that organisations that outsource web application development provide security standards to their partners and insist on periodic independent code reviews, as well as application testing of every major release. Issues fixed in one release “have a habit of reappearing in the next,” he warned.

The application layer is increasingly targeted because it is the route to the backend database, from which black-marketable information can be extracted.



See original article on scmagazineus.com

Secure Computing Magazine
