Secure Code

We recently discovered that more than 50% of the 500 early-stage startups we audited are exposed to a weakness in their DMARC (Domain-based Message Authentication, Reporting & Conformance) configuration. While this is considered a low-severity vulnerability, it has potentially far-reaching consequences if left unaddressed, in the form of phishing attacks (clone, spear and disinformation attacks).
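To make the DMARC finding above concrete, here is an added example (not code from the original post or from Archimydes) that parses DMARC TXT records and rates how much protection each one gives against spoofed mail. The domains and records are constructed sample values. A real audit would fetch the TXT record at `_dmarc.<domain>` (for example with dnspython's `dns.resolver.resolve`), which this offline example deliberately does not do. It assumes the weakness the audit found is a missing or unenforced DMARC policy, which is how DMARC gaps usually appear.

```python
"""Rate DMARC records by how much they actually do against spoofed mail.

Added example, not part of the original post. The records below are constructed
sample values for placeholder domains, not real domains' DNS data. Only the
standard library is used so it runs offline; a real check would look up the
TXT record at _dmarc.<domain> first.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample records keyed by placeholder domain (None = no _dmarc TXT record).
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "no-record.example": None,
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@partial.example",
    "enforced.example": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@enforced.example",
    "malformed.example": "v=spf1 include:_spf.example -all",  # an SPF record where DMARC was expected
}


@dataclass
class DmarcAssessment:
    domain: str
    policy: Optional[str]   # value of the p= tag, None when the record is missing or invalid
    pct: int                # share of failing mail the policy is applied to (default 100)
    has_reporting: bool     # rua= present, so the domain owner actually sees spoofing attempts
    rating: str             # "missing", "invalid", "monitor-only", "partial" or "enforced"


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into lower-cased tag -> value pairs (tag=value; ...)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain: str, record: Optional[str]) -> DmarcAssessment:
    """Classify one domain's record; a missing or p=none record gives receivers no instruction to act."""
    if record is None:
        return DmarcAssessment(domain, None, 0, False, "missing")
    tags = parse_dmarc(record)
    # A usable DMARC record needs v=DMARC1 and a p= policy tag.
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return DmarcAssessment(domain, None, 0, False, "invalid")
    policy = tags["p"].lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # non-numeric pct is treated as the default
    has_reporting = "rua" in tags
    if policy == "none":
        rating = "monitor-only"          # reports only; spoofed mail is still delivered
    elif policy in ("quarantine", "reject") and pct < 100:
        rating = "partial"               # enforcement applies to only part of the mail stream
    elif policy in ("quarantine", "reject"):
        rating = "enforced"
    else:
        rating = "invalid"               # unknown policy value
    return DmarcAssessment(domain, policy, pct, has_reporting, rating)


def audit(records: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Return {domain: rating} for a set of domains, the shape of result an audit would report."""
    return {domain: assess(domain, record).rating for domain, record in records.items()}


if __name__ == "__main__":
    for domain, rating in audit(SAMPLE_RECORDS).items():
        print(f"{domain:24s} {rating}")
```

Only "enforced" removes the exposure the post describes; a "monitor-only" domain has a record but still lets spoofed mail through, so an audit that checks only for the presence of a record would miss it.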

To us, this emphasized the fundamental need for a strong security foundation. To that end, a holistic view needs to be adopted when examining and reviewing your company's security posture, so that you are protected from current vulnerabilities and ready to meet new ones as they present themselves, giving you the most secure system possible.

We will be deep-diving into three core areas in a weekly 7-part series focused on giving early-stage startups a holistic view of their security posture, with comprehensive coverage of real tools that can be used for initial security hardening and then for constant security monitoring in line with best practices.

The three core areas covered will be:

Code:

  • How secure is the code that you are deploying
  • What are the major vulnerabilities relating to code
  • What tools can be used to secure code

Infrastructure:

  • Common issues and pitfalls while provisioning cloud infrastructure
  • Tools and techniques to secure Infrastructure

Monitoring:

  • Problems of skipping or partial monitoring
  • Guidelines for effective monitoring and response

What exactly is secure code, and how important is it to an application's security? In many ways, securing your code is the first step you should consider when creating an application, especially since your attack surface is larger with distributed architectures built from an amalgamation of services. As the saying goes, "security is only as strong as the weakest link," and you must ensure your application's foundation (its code) is not that link.

We explore this further in the first article of the series, which focuses on the fundamentals of secure code and explores five OWASP (Open Web Application Security Project) listed vulnerabilities as they relate to application code. These are:

  1. Broken Access Control: When a user can access resources or data that they are not supposed to.
  2. Cryptographic Failures: Occurs when sensitive data (as categorized by GDPR, PCI etc.) is not appropriately encrypted in transit or at rest.
  3. SQL Injections: An attack that hides injected code (SQL, NoSQL, or OS commands) in the request payload so that the application treats it as a legitimate request.
  4. Vulnerable and Outdated Components: This category resulted in more data breaches than any other vulnerability in OWASP's top 10 list. Put simply, this is using components or services that have known vulnerabilities that can be exploited.
  5. Identification and Authentication Failures: Failures in confirming the user's identity, authentication, and session.
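As an added example for item 3 above (not code from the original post or from the series' article), here is the same user lookup written two ways against an in-memory SQLite database, so the difference a parameterised query makes can be seen directly. The table, rows and the input string are constructed sample data.

```python
"""Injection (item 3): a lookup built by string concatenation beside the parameterised form.

Added example, not part of the original post. The users table and its rows are
constructed sample data held in an in-memory SQLite database.
"""
import sqlite3
from typing import Dict, List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """Create the constructed sample table used by both lookups."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    # The request value is spliced into the SQL text, so the database cannot tell
    # data from query structure: this is the defect item 3 describes.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    # The value is bound separately from the statement and is only ever compared as data,
    # whatever characters it contains.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> Dict[str, List[Row]]:
    """Run both lookups with an ordinary username and with a constructed hostile value."""
    conn = make_db()
    # Constructed input that turns the concatenated WHERE clause into a tautology.
    hostile = "nobody' OR '1'='1"
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_hostile": find_user_vulnerable(conn, hostile),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_hostile": find_user_safe(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:20s} -> {rows}")
```

The concatenated version returns every row for the hostile value, while the parameterised version returns nothing because no user is literally named `nobody' OR '1'='1`. The same separation of data from structure applies to the NoSQL and OS command variants item 3 mentions: pass values through the driver or API's own argument binding rather than building the command as text.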

You can find the full article link in the comments section!

Thanks for reading.

The Archmyides team
