CS代考 We See the Future and it’s Not Pretty Predicting the future using vulnerabi

程序代写 CS代考 / android, IOS, Java代写代考, SQL代写代考

We See the Future and it’s Not Pretty Predicting the future using vulnerability data
, CTO & Co-founder, Veracode

What is the SoSS Report?

Copyright By PowCoder代写 加微信 powcoder

SoSS is the “BEFORE” Breach Reports are the “AFTER”

Dataset Overview
22,430 application builds from Jan 2011 to Jun 2012

Application Security Metrics
▸ Flaw counts
▸ Flaw percentages
▸ Application count
▸ Risk-adjusted rating
▸ First scan acceptance rate
▸ Time between scans
▸ Days to remediation
▸ Scans to remediation
▸ CWE/SANS Top25 (pass/fail)
▸ OWASP Top Ten (pass/fail)
▸ Custom policies
Application Metadata
▸ Industry vertical
▸ Application supplier
(internal, third- party, etc.)
▸ Application type
▸ Assurance level
▸ Language
▸ Platform
▸ Scan number
▸ Scan date
▸ Lines of code
▸ Flaw type

The latent Vulnerabilities vs.
The Attacks

Top 5 Attacked Web Application Vulnerabilities

Key Finding:
70% of applications failed to comply with enterprise security policies on first submission.

New applications have known and exploitable vulnerabilities

Build over Build Improvement

Key Finding:
SQL injection prevalence has plateaued, affecting approximately 32% of web applications.

Flat SQL injection trend suggests more attacks in 2013

Programming Language Selection Matters

Language Details

Java Applications

.Net Applications

PHP Applications

Cold Fusion

Prevalence of Apps With Flaws by Language
Command Injection
Directory Traversal
Crypto Issues
SQL Injection
ColdFusion PHP

1st to 2nd Test Improvement by Language
Command Injection
Directory Traversal
Crypto Issues
SQL Injection
PHP .NET Java
20% 30% 40% 50% 60%

Key Finding:
Cryptographic issues affect a sizeable portion of Android (64%) and iOS (58%) applications.

Key Findings:
 70% of applications failed to comply with enterprise security policies on first submission.
 SQL injection prevalence has plateaued, affecting approximately 32% of web applications.
 Eradicating SQL injection in web applications remains a challenge as organizations make tradeoffs around what to remediate first.
 Cryptographic issues affect a sizeable portion of Android (64%) and iOS (58%) applications.
Predictions:
 Average CISO Tenure Continues to Decline.
 The Rise of the Everyday Hacker
 Decreased Job Satisfaction/ Higher Turn-over for Security Professionals.
 Default Encryption, Not “Opt-in,” the Norm.

Questions?

程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com

Related Posts