We’ve all been dealing with all kinds of AppSec villains for a long time – but perhaps you’ve never visualized them in exactly this way. Check out this fun presentation to learn about the top 5 villains – and how you can defeat them. Do you dare enter this haunted house?

1. The Top 5 Application
Security Villains
TOUR THE HAUNTED HOUSE
DARE TO ENTER
TO ENCOUNTER THEM
HAPPY HALLOWEEN!
From Veracode

2. THIS WAY

3. SQL INJECTION
Watch out! SQL injection breaches, like mummies,
keep coming back to life. According to the 2014
Verizon DBIR, 80% of retail breaches targeting
web applications exploit SQL injection vulnerabili-ties.
Cyberattackers are constantly searching every
nook and cranny of your web applications to find
easily-exploitable weak spots such as SQLi — a
critical vulnerability which has been on the
OWASP Top 10 forever!

4. CROSS-SITE
SCRIPTING (XSS)
Another “greatest hit” from the OWASP Top 10,
cross-site scripting allows a cyberattacker to inject
arbitrary scripts into an unsuspecting website
which are then executed by the victim’s browser.
Just like Dracula’s bite takes over your soul, XSS
allows the attacker to place its victims under their
total control‚ leaving you vulnerable to scary and
malicious activities such as sensitive data theft,
data tampering and session hijacking.

5. THIRD-PARTY
VENDORS
Recent high-profile breaches have
shown that cyberattackers relish casting
their evil spells on third-party vendors.
This isn’t surprising — 90% of third-party
software doesn’t comply with the
OWASP Top 10. That makes it especially
vulnerable to attackers who target
third-party vendors as the path of least
resistance into organizations. Then they
methodically traverse your network,
casting spells to gain more powers
and elevated privileges as they go.

6. VULNERABLE
OPEN SOURCE
COMPONENTS
As we learned from Heartbleed
and Shellshock, open source com-ponents
often don’t undergo the
same level of security scrutiny as
in-house software. In fact, open
source and commercial third-party
components contribute an average
of 24 known vulnerabilities into
every web application. Just like
werewolves that start out as ordi-nary
humans, “friendly” compo-nents
are easily transformed into
dangerous creatures that expose
organizations to malevolent
threats including data breaches,
malware injections and DoS
attacks.

7. APPLICATIONS
ARE THE NEW
FRANKENSTEIN
Companies large and small, across all
industries, rely on software innovation
to drive their businesses. Just like
Frankenstein’s creators didn’t know how
big and powerful he would be, we couldn’t
have predicted that our increased reliance
on web, mobile, cloud and Internet of
Things technologies would also lead to a
massive increase in risk.

8. Veracode’s cloud-based service is a simpler and
more scalable way to reduce application-layer risk
across your global software infrastructure, including
web, mobile and third-party applications.
With Veracode, you can speed your innovations
to market — while defeating these vile application
security villains along the way!