Internet Security Risks

We tend to think of companies like Sony, Anthem, and Target as being secure – of course, until they get hacked. But we have to remember that even the most reputable organizations face Internet security threats, and regardless of how many times we check our doors, no one is safe.

Whether to simply cause disruptions and mar the reputations of companies, or to cause real damage and steal personal information for malicious use, attackers will go the distance. These security risks come in all forms, some of the most common being:

  • Injection: tricks the application into executing unintended commands
  • Broken Authentication and Session Management: the session ID assigned to a user is obtained and then used to track the user’s activities and gain access to the user’s accounts
  • Cross-Site Scripting (XSS): the most common method is to send raw data to a user’s browser to hijack a JavaScript client; data can be stolen or rewritten and activity monitors can be installed
  • Insecure Direct Object References: exposed references to internal implementation objects (files, directories or database keys) allow attackers to manipulate them and gain access to data
  • Security Misconfiguration: attackers gain unauthorized access to account info and user data and are able to exploit critical server operations due to failed implementation and/or management of the software configuration management system
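
For the Insecure Direct Object References item in the list above, the following added example (not from the original article) puts a lookup that trusts an exposed database key beside two hardened forms: an ownership-scoped query and per-session indirect references. The table, the ids and all function and class names are constructed for illustration.

```python
import secrets
import sqlite3

def make_db():
    """Constructed sample data: two users, each owning one invoice."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(1001, 1, "alice: 3 licences"), (1002, 2, "bob: 1 licence")])
    return conn

def get_invoice_unsafe(conn, invoice_id):
    """Vulnerable form: the key from the request is trusted as-is, so any
    logged-in user can read any invoice by changing the id."""
    row = conn.execute("SELECT body FROM invoices WHERE id = ?", (invoice_id,)).fetchone()
    return row[0] if row else None

def get_invoice(conn, session_user_id, invoice_id):
    """Hardened form: the lookup is scoped to the authenticated user, so a
    key owned by someone else behaves exactly like a missing one."""
    row = conn.execute("SELECT body FROM invoices WHERE id = ? AND owner_id = ?",
                       (invoice_id, session_user_id)).fetchone()
    return row[0] if row else None

class SessionRefs:
    """Per-session indirect references: the client only ever sees random
    tokens, never the database key itself."""
    def __init__(self):
        self._by_token = {}

    def issue(self, invoice_id):
        token = secrets.token_urlsafe(16)
        self._by_token[token] = invoice_id
        return token

    def resolve(self, token):
        return self._by_token.get(token)

def list_invoice_tokens(conn, session_user_id, refs):
    """Hand out tokens only for objects the session user owns."""
    rows = conn.execute("SELECT id FROM invoices WHERE owner_id = ?", (session_user_id,))
    return [refs.issue(r[0]) for r in rows]

def get_invoice_by_token(conn, session_user_id, refs, token):
    """Resolve the token, then still enforce ownership on the real key."""
    invoice_id = refs.resolve(token)
    if invoice_id is None:
        return None
    return get_invoice(conn, session_user_id, invoice_id)
```

The indirect map hides the keys from the client, but the ownership check in the query is what actually enforces access, which is why the token path still goes through it.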

Most of these threats are obvious, but are still too often the reason for breaches. Generally, development teams are aware of the possibility of risks – but are they actually prepared to turn away risks when they come knocking at the door? Or better yet, are they ready to handle full-fledged infiltration? We want to hear from you. Please take the time to participate in our Software Security Testing survey. We’re curious to know where the software community stands in terms of protecting themselves against threats. Your answers will be used as a basis for our 2016 Software Security Testing Report and, as always, will remain anonymous. (P.S. You’ll be entered for a chance to win a $100 Amazon gift card, and the survey only takes three minutes to complete.)

You can find the full original article, Breaking and Entering: Internet Security Risks, by XBOSoft VP of Engineering Ed Curran on LinkedIn.