Info security 2007: RAD is bad

'Tis the season for predictions from information security vendors, and it's scary out there--of course it has to be, or there's no reason to buy from these folks.

Among the more notable information security predictions for the year ahead:

--SPI Dynamics, a Web application testing software and services company, predicts rapid application development (RAD) is a disaster waiting to happen. SPI says:

"While increased quality is also a goal of RAD, in reality, quality is often sacrificed in order to meet deadlines. This includes proper security testing during the design and development phase, which is often ignored, and this unfortunate oversight can and will lead to additional security vulnerabilities and attack vectors if organizations do not implement security throughout key phases of the application development lifecycle."

Time to market vs. security. Hmm.

--Bridge hacking. SPI also says that searches and requests passed between two Web sites ("bridges") are ripe for attack.

"By hacking along bridges, attackers essentially piggyback on the trust between the two sites, gain an extra layer to hide behind and are able to attack the desired site quickly. As bridges continue to grow in popularity, hackers will increasingly exploit these vulnerabilities."

--Hit the printers. SPI says any hardware, such as printers and routers, that runs a Web application server is an avenue of attack. Example: A vulnerable switch could be configured to re-route traffic to the attacker.

--Instant messaging. Symantec says instant messaging is also a key target. Symantec predicts IM breaches will lead to confidential data leaks, proprietary data theft and more sophisticated worms.

Talkback

  • Don't forget mobile threats

    Mobile malware is rapidly evolving too, and according to Kaspersky Labs, "it took computer viruses over twenty years to evolve, and mobile viruses have covered the same ground in a mere two years. Without doubt, mobile malware is the most quickly evolving type of malicious code, and clearly still has great potential for further evolution." Mobile threats are increasingly sophisticated and can more quickly propagate. In fact, experts predict the evolution of mobile malware will outpace the growth of traditional Internet malware. Malicious intent seems to range from sabotage to fraud and, because organizations and individuals depend more and more on mobile communications, the stakes are high. It seems that a pandemic-level attack could impact millions of users very quickly. I think we'll see a lot more activity around this area specific to mobile - malware, DDoS and fraud.

    Brian T. Contos, CISSP, CSO ArcSight Inc.
    bcontos