Glossary: Application Vulnerability

Application Vulnerability

Malicious attackers have now turned their focus towards application layer vulnerabilities. Approximately 90% of all security vulnerabilities found in software code are located in the application layer. Applications that are not properly tested have a risk of containing vulnerabilities that can be exploited by the attackers to gain privileged access and harvest information. Vulnerabilities are dangerous to companies as they can enable malicious attackers to gain access to company accounts, sensitive financial data, customer and client contact information, social security numbers, credit card numbers and other information that can be used for personal or financial gain. Some of the most common vulnerabilities today include:

SQL Injection
Insecure Cryptographic Storage
LDAP Injection
Cross-Site Scripting
Cross-Site Request Forgery

How to avoid and eliminate vulnerabilities
Penetration (Pen) Testing is one of the oldest security solutions, still being used by organizations worldwide. While being an effective solution, its not involved in the development process and vulnerabilities are found int he latter stages of the development process. This is obviously not the ideal thing for organizations using Agile or DevOps methodologies, which are becoming more and more common. Another problem with Pen Testing is that multiple cycles are required to achieve comprehensive coverage, something that can cost a whole lot of money.
Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) have become the go-to security solutions for most organizations today. The latter provides the edge since it doesn’t require a build to start working. Its also better in locating non-reflective vulnerabilities (i.e – XSS). Using a SAST solution, like Static Code Analysis (SCA), can help the organization build the security solution within the developer’s IDE. This integration of the security into the developers environment helps treat security bugs like QA bugs, with everyone involved in the process.

Learn more about application vulnerabilities in Vulnerability Knowledge Base.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.