Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Third party application vulnerability in the cloud

Imperva : 30 January, 2013  (Technical Article)
Intelligence report from Imperva uses Yahoo! breach to research third party code vulnerabilities in cloud computing
Third party application vulnerability in the cloud

Imperva has announced its January Hacker Intelligence Initiative Report, “Lessons Learned from the Yahoo! Hack,” which examines the dangers of third-party code in cloud computing.

In December 2012, a hacker breached Yahoo! with an SQL injection attack that took advantage of a vulnerability in a third-party application that was provided on the Yahoo! Web site. This attack highlights the risk that many Web applications face: Web applications may contain some sort of third-party code, such as APIs, that was not created by the developers.

“The weak link in the Yahoo! attack was not programmed by Yahoo! developers, nor was it even hosted on the Yahoo! Servers, and yet the company found itself breached as a result of third-party code,” said Amichai Shulman, CTO, Imperva. “The challenge presented by the Yahoo! breach is that Web-facing businesses should take responsibility to secure third-party code and cloud-based applications.”

In “Lessons Learned from the Yahoo! Hack,” Imperva recommends specific business and technical steps.  From a business standpoint, for example, enterprises should:

* Put in place legal requirements in a contract for what you will and will not accept from a security perspective.
* Incorporate security due diligence for any merger or acquisition activity.

Technically, Imperva recommends enterprises:

* Conduct a Web application vulnerability security assessment. A manual review of Web application security or proper use of automated Web application security vulnerability assessment can identify potential vulnerabilities that should be addressed in the software development lifecycle (SDLC).
* Deploy a Web Application Firewall (WAF).  A WAF serves as a security policy enforcement point that prevents vulnerable Web applications from being exploited.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo