State of Software Security

Olivia Storey

New software security report released, looking at XSS vulnerabilities and SQL injections.

Veracode has released a report, State of Software Security, which suggests that even though XSS vulnerabilities are the most regularly occurring and SQL injections are the most common vulnerability, they aren't actually the most common when it comes to 'severe vulnerability types'.

We ask Mark James, ESET IT Security Specialist, about the variety of vulnerabilities cyber criminals tend to use.

“With so many applications using aspects of pre-written code, it’s no surprise so many vulnerabilities exist.

“As we build and expand our software or services many programs have already been created to do the simplest jobs and it makes sense to utilise those.

“It’s much easier to use an already existing piece of code that does the job rather than start from scratch.

“The speed at which we learn about software is increasing every single day we use it; as we push the boundaries, we find ways to manipulate and abuse code we thought at one time was safe to use.

“Potentially every piece of code has vulnerabilities. The only way we are going to get safer is to stop using old outdated code and create new more secure software to do the same tasks.

“Unfortunately, finances often dictate that this is just not practical; if budgets are tight, then the time and expense involved in re-inventing the wheel make it virtually impossible.

“Moving away from antiquated, insecure software is the only way forward in securing our future systems.”

