As we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community. It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production code (after four record years and probably a fifth), and that ransomware will exact a record-setting payment from an organization in the coming year. Instead, we’ll focus on three predictions that are probably a little less likely, but ones we may still actually see come to pass in the coming year.
HomeAuthorPravin Madhani, CEO and Co-Founder, Author at K2io
A new report written by Osterman Research notes that most websites use third-party libraries to simplify common functions, but these same libraries often have application security risks. Organizations also typically lack visibility into third party code, making it difficult to determine if websites and web applications have been compromised.
A new article in Help Net Security is reporting that attacks on retail industry websites from Q4 2020 through the first half of 2021 were notably higher than all other industries, and were characterized by more sporadic peaks in attacks. With attacks up on retail sites, and the continued global supply chain crisis, shoppers are sure to have a tougher time finding the presents they are looking for this holiday season.
A new article in Venture Beat is reporting that 70% of development teams always or frequently skip security steps due to time pressures when completing projects. The article concludes that the result of skipping security steps, is that 33% of security issues in remediation at any given time come from production code.
The proliferation of applications in the wake of COVID and more employees than ever working from home should not be a surprise to anyone. The worry though, is whether organizations have taken security for those newly released applications seriously enough. Security professionals face growing challenges as their organizations increase both the number of applications deployed and the pace at which these applications change. The publication eWeek took a closer look at some of the security implications of application proliferation in a new article.
A new article in the Daily Swig discloses that security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies, specifically Web Application Firewall (WAF) from AWS. WAF failures aren't new, and we recently wrote about a hacker claiming WAFs don't work.
Last year, K2 Cyber Security reported that the US-CERT Vulnerability Database hit a record number of vulnerabilities recorded for the fourth year in a row on December 15, 2020. As of last Thursday, October 14, 2021, the database is on track to hit a fifth record year of recorded vulnerabilties.
A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, crippling healthcare computer systems, 9-1-1 centers, stopping work on gas pipelines, and more.
In addition to OWASP finally updating the Top 10 Web Application Risks, this year Mitre also updated their Top 25 Most Dangerous Software Bugs, also known as the CWE Top 25. One of the interesting things to note about the updated list, is that common vulnerabilities still feature prominently, an indication that we've made little progress in improving the security of our web applications, as has been indicated by other recent studies.
It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020. As a quick reminder SP800-53 is the document issued by NIST that specifies the Security and Privacy Controls that need to be used by agencies of the Federal government.