Quality Assurance and Project Management

Sep 30 2017   12:08PM GMT

Security Flaws – Top 3 Code Vulnerabilities Causing Security Gaps

Jaideep Khanduja

Application security
code security

A growing presence on the internet demands a higher level of security. In the same way, enterprises are moving to the cloud to host their valuable data and applications. All this attracts potential risks, especially in terms of viruses, ransomware, and malware. In fact, hackers need only a small security flaw to penetrate your servers and cause great harm to your data and applications. Not only that, this in turn also impacts business continuity and reputation. In addition, there are huge financial losses due to heavy ransom demands for unlocking or decrypting your data. Any vulnerability in code can produce leakages and security gaps, and there are many leakage possibilities that you need to think of while writing code. As a matter of fact, testing has to be the strongest area in the whole development cycle. You need to find the best tools, methodologies, and skills to tackle that.

The most common coding gap causing security flaws is Hidden Field Manipulation. This is most prominent in e-commerce portals, and an e-commerce website needs extra protection because of the kind of transactions it handles. Recently there was a case reporting a loss of a billion during a month because amounts were debited from the company account instead of customers' accounts for purchase transactions. Whether it was due to a flaw in code or an intentional move by an employee is yet to be ascertained. In Hidden Field Manipulation, applications embed hidden fields within web pages. When coding standards are handled immaturely, some of these fields carry highly crucial information, which might land a company in big trouble.
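The hidden-field problem described above, as an added example that is not part of the original post: a checkout handler that trusts a hidden price field, next to two server-side defenses (recomputing the amount from a server-held catalog, and authenticating any hidden field that must round-trip through the browser). The SKUs, field names, and function names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import json
import secrets
from decimal import Decimal

# Constructed sample data: server-side price list with hypothetical SKUs.
CATALOG = {"sku-1001": Decimal("499.00"), "sku-1002": Decimal("19.50")}
SERVER_KEY = secrets.token_bytes(32)  # server-only secret, never sent to the browser


def charge_trusting_hidden_field(form):
    """Vulnerable pattern: the amount comes from a hidden <input> the client can edit."""
    return Decimal(form["price"]) * int(form["qty"])


def charge_from_catalog(form):
    """Hardened: ignore any client-supplied price and look it up server-side."""
    sku = form["sku"]
    if sku not in CATALOG:
        raise ValueError("unknown item")
    qty = int(form["qty"])
    if not 1 <= qty <= 100:  # assumed business limit, for illustration
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty


def seal(session_id, name, value):
    """MAC over (session, field name, value) for a hidden field sent to the browser."""
    msg = json.dumps([session_id, name, value]).encode()  # unambiguous encoding
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def read_sealed(session_id, name, form):
    """Return the hidden field's value only if its MAC verifies for this session."""
    value = form[name]
    expected = seal(session_id, name, value).encode()
    supplied = form.get(name + "_mac", "").encode()
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("hidden field was modified")
    return value
```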

Security Flaws Can Land An Enterprise Into Big Trouble

The second most common factor responsible for security flaws due to code vulnerability is Cross-site Scripting. This, in fact, is more likely to happen because of careless coding. It becomes a golden gate for hackers, letting them steal sessions or inject malicious content, thus defacing a webpage or redirecting users to malicious sites.


The third most common loophole in coding is Cross-site Request Forgery. This kind of security flaw happens due to negligence of coders while coding. If the code does not make use of random tokens and reauthentication on a critical data transaction page, it could cause havoc. In fact, if these two factors are missing, an attacker becomes free to perform transactions on behalf of users. Depending on the access rights of a user, the intruder can cause any volume of damage to an organization.
