https://www.darkreading.com/partner-perspectives/f5/where-do-security-vulnerabilities-come-from/a/d-id/1329951?
I thought this article was timely, considering we are reviewing a company’s footprint. The author states security vulnerabilities come from three places, code quality, complexity and overly trusting data inputs.
I found it fascinating that “the current version of the Firefox browser, which contains 16 million lines of code written by 5,094 developers over ten years” and cannot imagine the complexity.
The author suggests reducing your exposure to only what you need, limit what you expose to the internet, perform risk assessments and test often.
Donald Hoxhaj says
Christie – Very interesting article. I found another article that supplements the one you posted. Initial, the article identifies the difference between Authentication and Authorization and then goes into detail on common security vulnerability mistakes. The article identifies the following common mistakes: Injection flaws, broken authentication, cross site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control, cross site request forgery, using components with known vulnerabilities, and unvalidated redirects and forwards. Again great article Christie!
Matt Roberts says
This was very interesting to find out specifically what factors actually cause vulnerabilities. The reasoning of why this continues to be a problem is also fascinating. I was particularly interested in the issue of code quality, where the author pointed out that developers tend to favor minimal features when creating software and then adding to it as needed down the road. This can cause all sorts of delays and expenses that can leave a system vulnerable. In order to tackle problems like these, the mindset of the developer should be more towards minimizing risk from the outset.