Doubts cast on the chances of secure development as vulnerabilities continue to exist

News by Dan Raywood

The concept of secure development is still a myth as it is failing to show any signs of materialising.

Having published three vulnerabilities in one day, ProCheckUp has questioned whether the secure development predicted by many is showing any signs of materialising.

It claimed that the vulnerabilities it published are not new and that, along with other larger vulnerabilities still being exposed, they call for a greater commitment to secure development.

Jan Fry, head of PCI service at ProCheckUp, said: “We are still finding the same vulnerabilities across the industry, from the large corporations to the smaller players.

“The concept of secure development still isn't prominent. To exacerbate the situation, web developers are often under immense pressure to meet deadlines. Companies have to start making this a priority otherwise we will continue to find these unnecessary security risks.”

One vulnerability was published for Broadvision: an attacker sets a session ID for a target domain in a victim's browser, and the target application accepts the newly set session ID as valid. Once the victim logs in, the application treats the session ID set by the attacker as active, and at this point the attacker can go to the target site using that same session ID and hijack the victim's account.
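
The behaviour described above, as an added example that is not from ProCheckUp's advisory or from Broadvision's code: a toy in-memory session store that shows the weak handling (a presented ID is adopted and kept across login) beside the usual fix (discard IDs the server did not issue and issue a fresh ID at login). The class, the function names and the sample ID are constructed for illustration.

```python
import secrets


class SessionStore:
    """Toy in-memory session store (constructed for illustration)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session ID -> authenticated user, or None

    def open(self, presented_id=None):
        """Return the session ID the server will use for this request."""
        known = presented_id in self.sessions
        if presented_id is None or (self.rotate_on_login and not known):
            # Hardened path: IDs this server did not issue are discarded.
            presented_id = secrets.token_urlsafe(32)
        # In the weak store an unknown presented ID reaches here unchanged.
        self.sessions.setdefault(presented_id, None)
        return presented_id

    def login(self, session_id, user):
        """Bind a user to the session; the hardened store issues a fresh ID."""
        if self.rotate_on_login:
            self.sessions.pop(session_id, None)  # retire the pre-login ID
            session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = user
        return session_id

    def whoami(self, session_id):
        """Return the user bound to this session ID, or None."""
        return self.sessions.get(session_id)


def planted_id_survives_login(store):
    """True if an ID placed in the browser before login ends up authenticated."""
    planted = "constructed-fixed-id"         # constructed sample value
    sid = store.open(planted)                # browser presents the planted ID
    store.login(sid, "alice")                # user then logs in
    return store.whoami(planted) == "alice"  # is the planted ID now live?


if __name__ == "__main__":
    print("weak store:    ", planted_id_survives_login(SessionStore(False)))
    print("hardened store:", planted_id_survives_login(SessionStore(True)))
```
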

The second vulnerability published was that the example pages of the Orion application server are vulnerable to cross-site scripting (XSS). The final vulnerability was in Ringtail, where the 'inline' parameter processed by 'riv_install.asp' during the 'Ringtail Image Viewer Client' install process is vulnerable to XSS.

