Garbage in, garbage out is shorthand for “incorrect or poor quality data will always produce faulty results.”
The “garbage data” vulnerability is especially gnarly in that there is actually no fix – no cure.
The only viable development strategy is one of avoidance.
Applications drive corporate success. As noted by Business 2 Community, the average American smartphone owner uses more than 10 apps per day and spends over three hours per day connected to the Internet via their mobile device. The problem? Rapidly expanding app markets combined with easy-to-find hacker kits make the current environment a cybercriminal’s paradise. According to recent Ponemon data, the average cost of a data breach is around $3.62 million and the size of breaches is trending up. It gets worse: According to Gartner, 99 percent of app vulnerabilities exploited won’t rely on new, sophisticated attack vectors, but on existing vulnerabilities that infosec pros have seen in the wild for at least a year.
Cyber-attacks, evolving privacy and intellectual property legislation, and ever-increasing regulatory obligations are now simply “the new normal” – and the implications for development organizations are unavoidable; application risk management principles must be incorporated into every phase of the development lifecycle.
Organizations want to work smart: neither naïve nor paranoid. Application risk management is about getting this balance right. How much security is enough? Are you even protecting the right things?
Like so many of us returning from Build 2017, we at PreEmptive are feeling both energized and highly motivated. Energized because of the truly impressive innovation coming out of both Microsoft and our larger ecosystem – and motivated because we can all see the expanding concern around application risk management and data security in this rapidly evolving world – and of course, that is where PreEmptive Solutions comes in.
According to NIST’s National Vulnerability Database, six vulnerability categories have grown from 68% to over 84% of the total number of reported vulnerabilities in just the past four years.
As I read the article “Car Makers Haven’t Learned: Insecure Apps Expose Millions Of Connected Cars To Theft, Risks,” I was reminded (again) that an issue for IoT devices is that their manufacturers have been slow to implement security for the software that runs on them. The focus has been on getting them out as quickly and as inexpensively as possible.
Released on September 31, 2016, Dotfuscator Professional 4.25 includes, for the first time, the ability to inject real-time detection, defense, and notification of unauthorized debugger use against production applications.