A new report written by Osterman Research notes that most websites use third-party libraries to simplify common functions, but these same libraries often have application security risks. Organizations also typically lack visibility into third party code, making it difficult to determine if websites and web applications have been compromised.
Protect against Log4J without patching
Learn More
HomeTagapplication security Archives - Page 2 of 15 - K2io
Tag
Entries Tagged " application security "
A new article in Help Net Security is reporting that attacks on retail industry websites from Q4 2020 through the first half of 2021 were notably higher than all other industries, and were characterized by more sporadic peaks in attacks. With attacks up on retail sites, and the continued global supply chain crisis, shoppers are sure to have a tougher time finding the presents they are looking for this holiday season.
A new article in Venture Beat is reporting that 70% of development teams always or frequently skip security steps due to time pressures when completing projects. The article concludes that the result of skipping security steps, is that 33% of security issues in remediation at any given time come from production code.
The proliferation of applications in the wake of COVID and more employees than ever working from home should not be a surprise to anyone. The worry though, is whether organizations have taken security for those newly released applications seriously enough. Security professionals face growing challenges as their organizations increase both the number of applications deployed and the pace at which these applications change. The publication eWeek took a closer look at some of the security implications of application proliferation in a new article.
A new article in the Daily Swig discloses that security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies, specifically Web Application Firewall (WAF) from AWS. WAF failures aren't new, and we recently wrote about a hacker claiming WAFs don't work.
Last year, K2 Cyber Security reported that the US-CERT Vulnerability Database hit a record number of vulnerabilities recorded for the fourth year in a row on December 15, 2020. As of last Thursday, October 14, 2021, the database is on track to hit a fifth record year of recorded vulnerabilties.
A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, crippling healthcare computer systems, 9-1-1 centers, stopping work on gas pipelines, and more.
In addition to OWASP finally updating the Top 10 Web Application Risks, this year Mitre also updated their Top 25 Most Dangerous Software Bugs, also known as the CWE Top 25. One of the interesting things to note about the updated list, is that common vulnerabilities still feature prominently, an indication that we've made little progress in improving the security of our web applications, as has been indicated by other recent studies.
It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020. As a quick reminder SP800-53 is the document issued by NIST that specifies the Security and Privacy Controls that need to be used by agencies of the Federal government.
The Open Web Application Security Project (OWASP) has released its draft Top 10 Web Application Security Risks 2021 list with a number of changes from the 2017 list (the last time the list was updated). The list has been maintained by OWASP since its release in 2003 with updates every few years.