Report: 88% of Java Apps Vulnerable to Attacks from Known Security Defects

 
October 18th 2017
A new report from CA Veracode has exposed the pervasive risks companies face from vulnerable open source components.

In its 2017 State of Software Security Report, the firm reviewed application security testing data from scans of its base of 1400 customers and found that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.

Part of the cause is that fewer than 28% of companies carry out regular analysis to see which components are built into their applications, Veracode claimed.

“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications – making many of them breachable with a single exploit,” said Chris Wysopal, CTO, CA Veracode.

There have been plenty of examples in the last year of high-profile Java app breaches caused by vulnerabilities in open source or commercial components, one example being the ‘Struts-Shock’ flaw affecting the Apache Struts 2 web application framework.

“Development teams aren’t going to stop using components – nor should they, but when an exploit becomes available, time is of the essence,” Wysopal added. However, as evidenced in the report, the most severe flaws require significant time to fix (only 22% of very high severity flaws were patched in 30 days or less), while most attackers leverage vulnerabilities within days of discovery.

“We’ve now seen quite a few breaches as a result of vulnerable components and unless companies start taking this threat more seriously, and using tools to monitor component usage, I predict the problem will intensify.”
