
#Irisscon: Stop Siloing Vulnerability Management to Deal with Old Bugs

Some common vulnerabilities are coming up to their 30th birthday, and some were “coined in the days of Netscape Navigator.”

Speaking at Irisscon in Dublin, Edgescan CEO Eoin Keary said that one of the problems in cybersecurity is that vulnerability management is siloed, with network security and web application security testing treated as separate silos, and that “something to look at is our assets as a full stack which will continually change all the time.”

Keary said that code is pushed out by developers as part of their job which drives the company daily, and applications are deployed quicker, so we need to realize what impact a penetration test will have. “A one-off penetration test is a snapshot in time and by the time the report is delivered, new code is deployed and the system has changed,” he said.

Keary made reference to the Magecart attacks, saying that with some intelligence of the change in code these types of attack could be prevented. “Change gives rise to risk and gives rise to vulnerabilities.”

He said that full-stack security should be considered over a one-time penetration test, but that the pitfalls of DevSecOps also need to be understood, “as it gives you a false sense of security and you will catch the low hanging fruit.”

Also speaking at the conference, Dave Lewis, advisory CISO at Duo Security, cited the vulnerabilities that allowed the WannaCry ransomware to spread, saying that this was “something that was a known bad for a decade” and “we need to do better than this.”
