Aggressive competitors? Sure. Daunting deadlines? Of course. But creating applications with security defects... that shouldn’t scare you. Software vulnerabilities should be afraid of you.
Here are the 10 types of security defects that may be hiding in your apps.
Unprotected data escapes when it crosses between components. Think trust boundary violations or protection mechanism failures. 20% of apps are vulnerable.
Using malicious data, an attacker accesses, alters and deletes data in a backend database. 27% are vulnerable.
Mishandled credentials are a nightmare come true. A common villain: hard-coded passwords. 43% are vulnerable.
What begins as malformed input morphs into scary code that steals data, hijacks sessions, and executes evil code. 47% are vulnerable.
Web server attacks disguised as modified URLs provide unauthorized access to restricted directories and files. 48% are vulnerable.
Client-side script creeps in, bypassing controls to steal sensitive data, change website content, even hack users’ computers. 49% are vulnerable.
Hiding behind an unexpected Carriage Return Line Feed (CRLF), attackers can alter data, deface websites, and hijack sessions. 60% are vulnerable.
Your leftover debug code could be used against you, providing clues to sensitive data; so can resources that are never properly shut down or released. 63% are vulnerable.
Poorly encrypted passwords, payment info and other personal data are unlocked doors to a hacker. 64% are vulnerable.
Sssshhh. They’re out there. Leaked information helps attackers take down your app and your data. 67% are vulnerable.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure DevOps services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.