Veracode
Vulnerabilities Are Scary – Be Scarier.

10 Scary Software Vulnerabilities

It Knows What You’re Afraid Of.



Aggressive competitors? Sure. Daunting deadlines? Of course. But creating applications with security defects . . . that shouldn’t scare you. Software vulnerabilities should be afraid of you.

 

Code Fearlessly

85% of applications have vulnerabilities lurking in their code.



Here are the 10 types of security defects that may be hiding in your apps.

Top Ten

10. Encapsulation



Unprotected data escapes when code crosses over between components. Think trust boundary violations or protection mechanism failures. 20% of apps are vulnerable.

 

 

9. SQL Injection



Using malicious data, an attacker accesses, alters and deletes data in a backend database. 27% are vulnerable.

8. Credentials Management



Mishandled credentials are a nightmare come true. A common villain: hard-coded passwords. 43% are vulnerable.

 

 

7. Insufficient Input Validation



What begins as malformed input morphs into scary code that steals data, hijacks sessions, and executes evil code. 47% are vulnerable.


6. Directory Traversal



Web server attacks disguised as modified URLs provide unauthorized access to restricted directories and files. 48% are vulnerable.

 

 

5. Cross-Site Scripting



Client-side script creeps in, bypassing controls to steal sensitive data, change website content, even hack users’ computers. 49% are vulnerable.

4. CRLF Injection



Hiding behind an unexpected Carriage Return Line Feed (CRLF), attackers can alter data, deface websites, and hijack sessions. 60% are vulnerable.

 

 

3. Code Quality



Your leftover debug code could be used against you, providing clues to sensitive data, and so could improper resource shutdown or release. 63% are vulnerable.

2. Cryptographic Issues



Poorly encrypted passwords, payment info and other personal data are unlocked doors to a hacker. 64% are vulnerable.

 

 

1. Information Leakage



Sssshhh. They’re out there. Leaked information helps attackers take down your app and your data. 67% are vulnerable.

Is The State Of Your Software Secure Or Scary?

Download your FREE State of Software Security Vol. 9 Report now.

 

 

 

 
