The Top 5 Application Security Villains
DARE TO ENTER
HAPPY HALLOWEEN! From Veracode
TOUR THE HAUNTED HOUSE TO ENCOUNTER THEM
THIS WAY
Watch out! SQL injection breaches, like mummies, keep coming back to life. According to the 2014 Verizon DBIR, 80% of retail breaches targeting web applications exploit SQL injection vulnerabilities. Cyberattackers are constantly searching every nook and cranny of your web applications to find easily exploitable weak spots such as SQLi — a critical vulnerability which has been on the OWASP Top 10 forever!
SQL INJECTION
Another “greatest hit” from the OWASP Top 10, cross-site scripting allows a cyberattacker to inject arbitrary scripts into an unsuspecting website, which are then executed by the victim’s browser. Just like Dracula’s bite takes over your soul, XSS allows attackers to place victims under their total control, leaving you vulnerable to scary and malicious activities such as sensitive data theft, data tampering and session hijacking.
CROSS-SITE SCRIPTING (XSS)
Recent high-profile breaches have shown that cyberattackers relish casting their evil spells on third-party vendors. This isn’t surprising — 90% of third-party software doesn’t comply with the OWASP Top 10. That makes it especially vulnerable to attackers who target third-party vendors as the path of least resistance into organizations. Then they methodically traverse your network, casting spells to gain more powers and elevated privileges as they go.
THIRD-PARTY VENDORS
As we learned from Heartbleed and Shellshock, open source components often don’t undergo the same level of security scrutiny as in-house software. In fact, open source and commercial third-party components contribute an average of 24 known vulnerabilities to every web application. Just like werewolves that start out as ordinary humans, “friendly” components are easily transformed into dangerous creatures that expose organizations to malevolent threats including data breaches, malware injections and DoS attacks.
VULNERABLE OPEN SOURCE COMPONENTS
Companies large and small, across all industries, rely on software innovation to drive their businesses. Just like Frankenstein’s creators didn’t know how big and powerful he would be, we couldn’t have predicted that our increased reliance on web, mobile, cloud and Internet of Things technologies would also lead to a massive increase in risk.
APPLICATIONS ARE THE NEW FRANKENSTEIN
Veracode’s cloud-based service is a simpler and more scalable way to reduce application-layer risk
across your global software infrastructure, including web, mobile and third-party applications.
With Veracode, you can speed your innovations to market — while defeating these vile application
security villains along the way!