Many security personnel tend to overlook the mounting risks to which existing code is exposed.
Product-specific domains may have no security flaws on the day they are put into production; however, according to Jerry Hoff, vice-president of the static code analysis division of Web application security firm WhiteHat Security, the risks associated with some of these domains are likely to increase over time.
Hoff recently outlined four ways in which such risks are most likely to develop:
Evolving threat landscape – What seemed secure years ago will likely be insecure today, since the threat landscape is constantly changing. New technology provides attackers with a new arsenal and often exposes the weaknesses of older algorithms.
Internal apps exposed – Security for many Web sites built for internal use is sometimes not as hardened as that of their external-facing counterparts. Problems arise when new partnerships, acquisitions, new technologies and changing goals leave these previously internal-facing assets exposed externally.
Aging platforms – Some organizations may still be running older Web platforms that have been abandoned by their creators and developers. These are prone to risk, as they may require older versions of databases, operating systems, Web servers and Web containers.
Outdated libraries, frameworks – Libraries and frameworks that have become out of date are likely to have amassed a large number of disclosed vulnerabilities over the years.
To mitigate the risks to which their organizations are exposed, IT teams need to audit the company's existing platforms, libraries and frameworks. They have to determine which assets need to be patched, modified, replaced or discarded.
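The audit step described above, as an added example that is not part of the original article and not WhiteHat's tooling: a small Python script compares a constructed inventory of Web assets against a constructed advisory list and assigns each asset one of the actions the article names (patch, replace, or leave as is), prioritised by whether the asset is exposed externally. Every asset name, component name, version and advisory id here is a placeholder, not a real product or CVE; the two things worth noting are that versions are compared numerically (a plain string comparison would rank "2.3.9" above "2.3.12") and that an abandoned platform is recommended for replacement even when no specific advisory is open against it.

```python
"""Audit an inventory of Web assets against a list of advisories.

Constructed example: all components, versions and advisory ids are
placeholders. The advisory list stands in for whatever vulnerability
feed the organisation actually subscribes to.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '2.3.12' into (2, 3, 12) so comparison is numeric.
    Non-numeric suffixes such as 'rc1' are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly lower than version b."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    # pad so that (1, 2) compares equal to (1, 2, 0)
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


@dataclass
class Advisory:
    advisory_id: str            # placeholder id, not a real CVE
    component: str
    affected_below: str         # versions lower than this are affected
    fixed_in: Optional[str]     # None: no fix exists (abandoned platform)


@dataclass
class Asset:
    name: str
    component: str
    version: str
    exposure: str               # "internal" or "external"
    end_of_life: bool = False   # platform abandoned by its maintainers


def audit(assets, advisories):
    """Return {asset_name: {action, target_version, priority, advisories}}."""
    report = {}
    for asset in assets:
        open_advs = [
            adv for adv in advisories
            if adv.component == asset.component
            and version_lt(asset.version, adv.affected_below)
        ]
        fixes = [adv.fixed_in for adv in open_advs if adv.fixed_in is not None]
        unfixable = [adv for adv in open_advs if adv.fixed_in is None]

        # Aging platforms: no upstream fixes will come, so replace rather than patch.
        if asset.end_of_life or unfixable:
            action, target = "replace", None
        elif fixes:
            # Patch to the highest fixed version so every open advisory is closed.
            action, target = "patch", max(fixes, key=parse_version)
        else:
            action, target = "ok", None

        # Exposure drives priority: an internal app that became external jumps to high.
        if action == "ok":
            priority = "none"
        elif asset.exposure == "external":
            priority = "high"
        else:
            priority = "medium"

        report[asset.name] = {
            "action": action,
            "target_version": target,
            "priority": priority,
            "advisories": [adv.advisory_id for adv in open_advs],
        }
    return report


# Constructed sample inventory and advisory feed (placeholders throughout).
SAMPLE_ASSETS = [
    Asset("billing-portal", "webframework-x", "2.3.9", "external"),
    Asset("hr-intranet", "webframework-x", "2.3.9", "internal"),
    Asset("legacy-cms", "cms-platform-y", "1.0.4", "external", end_of_life=True),
    Asset("reporting", "template-lib-z", "0.9.2", "internal"),
    Asset("api-gateway", "webframework-x", "2.3.12", "external"),
]
SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "webframework-x", "2.3.10", "2.3.10"),
    Advisory("ADV-0002", "webframework-x", "2.3.12", "2.3.12"),
    Advisory("ADV-0003", "cms-platform-y", "1.1.0", None),
    Advisory("ADV-0004", "template-lib-z", "1.0.0", "1.0.0"),
]


def run_sample():
    return audit(SAMPLE_ASSETS, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for name, row in run_sample().items():
        print(f"{name:15} {row['action']:8} {row['priority']:7} "
              f"-> {row['target_version']}  {row['advisories']}")
```

Because exposure is an input rather than something the script discovers, the audit has to be re-run whenever an asset's exposure changes (a partnership or acquisition that opens an intranet site to the outside), which is exactly the "internal apps exposed" case the article describes.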