The Brave New World of InfoSec

About this Blog:

A seasoned security pro's take on events around the world.

Jeff Bardin

Insanity - Doing the Same Thing Over and Over Again Expecting a Different Result


A Gartner study indicates that 75% of security breaches are due to flaws in software, primarily because those applications have been put together as quickly as possible in order to get a working system out there, without due regard for the security implications. We all see this on a daily basis: arbitrary dates are set for a new system or application rollout without fully defining requirements and without considering security. Someone in the corporate cloud determines a revenue number that trickles down to a delivery date for a series of applications that must roll out to generate the right numbers.


Researchers with the application security testing specialist estimate that 71 percent of all vulnerabilities reported worldwide during Q4 2007 were related to Web applications, affecting everything from servers to browsers, a three percent increase over the previous quarter. The directional metrics here are going the wrong way.

As the hackers continually attempt to up their game, the securities and futures industry in the US recorded, in 2007, a 150% annual increase in the amount of suspicious activity detected on its systems. It really makes you wonder whether this activity is merely watched or whether something is actually being done to thwart it. The most common attacks are:

• SQL command injection
• LDAP injection
• Shell command injection
• Interpreted data injection
• OS command injection
• HTML/XHTML injection
• Cross-Site Scripting (XSS)
• Session hijacking
• Session token brute-force attacks
• Session cookie manipulation
• Session replay attacks
• SSL/TLS protocol manipulation
• URL path & file guessing
• "Forceful browsing"
• Path traversal attacks
• Log data injection
• Resource exhaustion attacks
• Hidden field manipulation
• Client-side scripting bypass
• Personalization and state cookie manipulation
• Buffer overflows
• Developer back door access
• Format-string attacks
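Several of the classes in that list leave a recognisable trace in ordinary web server access logs. The following added example (not from the post) runs simple signature checks for five of them over constructed sample log lines; the IPs, paths and payloads are made up for illustration, and the signatures are deliberately narrow rather than a production rule set.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines: one benign request, then one request
# each carrying a payload typical of an attack class named in the list above.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2008:10:12:01 +0000] "GET /account?id=42 HTTP/1.1" 200 512
10.0.0.6 - - [10/Mar/2008:10:12:03 +0000] "GET /account?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812
10.0.0.7 - - [10/Mar/2008:10:12:07 +0000] "GET /static/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210
10.0.0.8 - - [10/Mar/2008:10:12:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1200
10.0.0.9 - - [10/Mar/2008:10:12:11 +0000] "GET /ping?host=127.0.0.1%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1" 500 88
10.0.0.10 - - [10/Mar/2008:10:12:13 +0000] "GET /login?user=bob%0D%0A10.0.0.1%20-%20-%20fake%20entry HTTP/1.1" 200 300
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Signatures keyed by the attack class they indicate. Matching runs on the
# decoded target, so percent-encoding alone does not hide a payload.
SIGNATURES = {
    "SQL command injection": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=|union\s+select|--\s*$", re.I),
    "Path traversal": re.compile(r"\.\./|\.\.\\"),
    "Cross-Site Scripting (XSS)": re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I),
    "OS command injection": re.compile(r"[;&|`]\s*(cat|ls|id|whoami|wget|curl)\b", re.I),
    "Log data injection": re.compile(r"[\r\n]"),  # CR/LF smuggled into a logged field
}

def classify_request(raw_target: str) -> list[str]:
    """Return the attack classes whose signature matches the decoded request target."""
    decoded = unquote(unquote(raw_target))  # second pass catches double encoding
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Pair each client IP with the classes its request matched; clean requests are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = classify_request(m.group(1))
        if hits:
            findings.append((line.split()[0], hits))
    return findings

if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG):
        print(f"{ip}: {', '.join(hits)}")
```

Decoding before matching matters more than the exact patterns: the same payload with `%27` or `%3C` left encoded would otherwise slip past every rule.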
