Cyber threats the joker and the thief

gAtO FoUnD– the continued threat of vulnerabilities within Web applications, mobile applications, and outlines specific vulnerabilities with cloud-based implications.  Also an alarming trend for security professionals, in the form of continued prevalence of critical application layer vulnerabilities, such as Cross Site Scripting (XSS) and SQL Injection. Though there are existing fixes for these well-known vulnerabilities, these flaws continued to dominate with XSS climbing to a staggering 38 percent of total Web vulnerabilities, increasing slightly from the second half of 2010. SQL Injection accounted for 15 percent of the total number of Web vulnerabilities.

Web vulnerabilities —  In the first two months of 2012, 59 percent of all reported security

vulnerabilities were Web vulnerabilities

—  In 2011, Cross Site Scripting (XSS) accounted for 38 percent of total

Web vulnerabilities

“As businesses worry about the next big security threat, they fail to realize the threats that are right in front of them,” said John Weinschenk, CEO of Cenzic. “From an industry-wide perspective, the fact that the amount well-known vulnerabilities continue to persist is a signal that education, diligence, and proper coding during the development phase are a necessity in today’s cyber world. Real change can only happen by adhering to these principles.”

Mobile vulnerabilities —  A total of 89 mobile vulnerabilities were made public in 2011 and so

far in 2012 (Jan-Feb) 11 mobile vulnerabilities have been made public.

—  Sensitive Information Disclosure (28 percent) and Session

Authentication and Authorization (28 percent) make up the bulk of the

vulnerabilities.

In recent report it is also details the vulnerabilities related to cloud and mobile device usage, noting a total of 89 mobile vulnerabilities were made public in 2011, while out of a set of 1201 publically reported vulnerabilities 855 had cloud-based security implications. As mobile devices continue to be used to access online cloud computing platforms, emerging hybrid vulnerabilities haved developed as well.

Cloud vulnerabilities —  In 2011, out of a set of 1201 publically reported vulnerabilities 855

had cloud based security implications

—  Specific security vulnerabilities were found in cloud-based

applications including EyeOS, OrangeHRM, The Parallels Plesk Panel,

Oracle Fusion Middleware, Batavi E Commerce, deV!ls ClanPortal, and

more.

The growing demand for cloud applications and mobile devices that access them is creating a unique problem. Each has its own set of security issues, but when used in tandem, they can produce hybrid vulnerabilities that compound threats and increase the complexity of secure coding. By exploiting vulnerabilities in a mobile application a hacker can open up an attack vector to a preexisting vulnerability on the cloud based application -gAtO oUt

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: