The Top 5 AppSec Villains (Happy Halloween from Veracode!)


Transcript of The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Page 1: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

The Top 5 Application Security Villains

DARE TO ENTER

HAPPY HALLOWEEN! From Veracode

TOUR THE HAUNTED HOUSE TO ENCOUNTER THEM

Page 2: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

THIS WAY

Page 3: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Watch out! SQL injection breaches, like mummies, keep coming back to life. According to the 2014 Verizon DBIR, 80% of retail breaches targeting web applications exploit SQL injection vulnerabilities. Cyberattackers are constantly searching every nook and cranny of your web applications to find easily exploitable weak spots such as SQLi — a critical vulnerability which has been on the OWASP Top 10 forever!

SQL INJECTION

Page 4: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Another “greatest hit” from the OWASP Top 10, cross-site scripting allows a cyberattacker to inject arbitrary scripts into an unsuspecting website, which are then executed by the victim’s browser. Just like Dracula’s bite takes over your soul, XSS allows attackers to place their victims under total control, leaving you vulnerable to scary and malicious activities such as sensitive data theft, data tampering and session hijacking.

CROSS-SITE SCRIPTING (XSS)

Page 5: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Recent high-profile breaches have shown that cyberattackers relish casting their evil spells on third-party vendors. This isn’t surprising — 90% of third-party software doesn’t comply with the OWASP Top 10. That makes it especially vulnerable to attackers who target third-party vendors as the path of least resistance into organizations. Then they methodically traverse your network, casting spells to gain more powers and elevated privileges as they go.

THIRD-PARTY VENDORS

Page 6: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

As we learned from Heartbleed and Shellshock, open source components often don’t undergo the same level of security scrutiny as in-house software. In fact, open source and commercial third-party components contribute an average of 24 known vulnerabilities into every web application. Just like werewolves that start out as ordinary humans, “friendly” components are easily transformed into dangerous creatures that expose organizations to malevolent threats including data breaches, malware injections and DoS attacks.

VULNERABLE OPEN SOURCE COMPONENTS

Page 7: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Companies large and small, across all industries, rely on software innovation to drive their businesses. Just like Frankenstein’s creators didn’t know how big and powerful he would be, we couldn’t have predicted that our increased reliance on web, mobile, cloud and Internet of Things technologies would also lead to a massive increase in risk.

APPLICATIONS ARE THE NEW FRANKENSTEIN

Page 8: The Top 5 AppSec Villains (Happy Halloween from Veracode!)

Veracode’s cloud-based service is a simpler and more scalable way to reduce application-layer risk across your global software infrastructure, including web, mobile and third-party applications.

With Veracode, you can speed your innovations to market — while defeating these vile application security villains along the way!