Info security 2007: RAD is bad


'Tis the season for predictions from information security vendors, and it's scary out there--of course it has to be, or there's no reason to buy from these folks.

Among the more notable information security predictions for the year ahead:

--SPI Dynamics, a Web application testing software and services company, predicts rapid application development is a disaster waiting to happen. SPI says:

"While increased quality is also a goal of RAD, in reality, quality is often sacrificed in order to meet deadlines. This includes proper security testing during the design and development phase which is often ignored and this unfortunate oversight can and will lead to additional security vulnerabilities and attack vectors if organizations do not implement security throughout key phases of the application development lifecycle."

Time to market vs. security. Hmm.


--Bridge hacking. SPI also says searches and requests between two Web sites are also ripe for attack.

"By hacking along bridges, attackers essentially piggyback on the trust between the two sites, gain an extra layer to hide behind and are able to attack the desired site quickly. As bridges continue to grow in popularity, hackers will increasingly exploit these vulnerabilities."


--Hit the printers. SPI says all hardware such as printers and routers that run Web application servers are avenues to attack. Example: A vulnerable switch could be configured to re-route traffic to the attacker.

--Instant messaging. Symantec says instant messaging is also a key area to attack. Symantec predicts IM breaches will lead to confidential data leaks, proprietary data theft and more sophisticated worms.

Topics: Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
