
Info security 2007: RAD is bad

Written by Larry Dignan, Contributor

'Tis the season for predictions from information security vendors, and it's scary out there--of course it has to be, or there's no reason to buy from these folks.

Among the more notable information security predictions for the year ahead:

--SPI Dynamics, a Web application testing software and services company, predicts rapid application development is a disaster waiting to happen. SPI says:

"While increased quality is also a goal of RAD, in reality, quality is often sacrificed in order to meet deadlines. This includes proper security testing during the design and development phase which is often ignored and this unfortunate oversight can and will lead to additional security vulnerabilities and attack vectors if organizations do not implement security throughout key phases of the application development lifecycle."

Time to market vs. security. Hmm.


--Bridge hacking. SPI also says searches and requests between two Web sites are ripe for attack.

"By hacking along bridges, attackers essentially piggyback on the trust between the two sites, gain an extra layer to hide behind and are able to attack the desired site quickly. As bridges continue to grow in popularity, hackers will increasingly exploit these vulnerabilities."


--Hit the printers. SPI says all hardware that runs Web application servers, such as printers and routers, is an avenue of attack. Example: A vulnerable switch could be configured to re-route traffic to the attacker.

--Instant messaging. Symantec says instant messaging is also a key area to attack. Symantec predicts IM breaches will lead to confidential data leaks, proprietary data theft and more sophisticated worms.
