In the computing and technology world, a hacker is simply someone who looks to exploit network security issues and weaknesses in a computer system. Hackers dedicate so much time and effort to these activities for reasons that include profit, protest, or simply the wish to challenge themselves and gain credibility and reputation. Companies like Facebook, for instance, have in the past hired computer programmers who showed exceptional hacking abilities at the company’s annual hack-a-thon.
Veracode, the leader in cloud-based application security testing, has recently released its annual State of Software Security report. The report includes up-to-date and extensive research on software vulnerability trends, as well as some predictions on how these flaws could be exploited if left unaddressed and, ultimately, what this may mean for organisations and security professionals.
One of the most striking predictions made by Veracode is that there will be a rise in ‘everyday hackers’. What this means is that, while vulnerabilities are coming to light on a daily basis, more and more information and tutorials on how to exploit them are becoming readily available across the net. A simple Google search for ‘SQL injection hack’ yields 1.74 million results, including detailed videos with explicit instructions on how to exploit these common SQL injection vulnerabilities. The availability of this information makes it easier for less technically skilled hackers to take advantage of this flaw and many more. While SQL injection flaws are easily identified and fixed, Veracode found that over 32 percent of web applications are still affected by SQL injection vulnerabilities.
Evidence linking organisational intrusions and data breach events to application security issues is expanding at an exponential rate. Web-based intrusions and hacking in general accounted for 52% of the breaches in 2011 and 2012, and this figure looks set to rise into 2013. This comes despite substantial improvements in awareness of the importance of securing software: the number of exploitable coding flaws is not decreasing.
The research also concluded that the leading cause of security breaches and data loss for organisations stemmed from insecure software. The report found that 70 percent of software typically used by companies failed to comply with enterprise security policies on its first submission for security testing. Ultimately, organisations need to be proactive and take action now to improve security measures on existing applications and networks. Hackers and security threats are not going to go away anytime soon, so every organisation out there should be doing everything it can to strengthen its defences and make it impossible for these threats to compromise the company.