Glossary: Application Vulnerability

Application Vulnerability

Malicious attackers have now turned their focus towards application layer vulnerabilities. Approximately 90% of all security vulnerabilities found in software code are located in the application layer. Applications that are not properly tested have a risk of containing vulnerabilities that can be exploited by the attackers to gain privileged access and harvest information. Vulnerabilities are dangerous to companies as they can enable malicious attackers to gain access to company accounts, sensitive financial data, customer and client contact information, social security numbers, credit card numbers and other information that can be used for personal or financial gain. Some of the most common vulnerabilities today include:

SQL Injection
Insecure Cryptographic Storage
LDAP Injection
Cross-Site Scripting
Cross-Site Request Forgery

How to avoid and eliminate vulnerabilities Penetration (Pen) Testing is one of the oldest security solutions, still being used by organizations worldwide. While being an effective solution, its not involved in the development process and vulnerabilities are found int he latter stages of the development process. This is obviously not the ideal thing for organizations using Agile or DevOps methodologies, which are becoming more and more common. Another problem with Pen Testing is that multiple cycles are required to achieve comprehensive coverage, something that can cost a whole lot of money. Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) have become the go-to security solutions for most organizations today. The latter provides the edge since it doesn't require a build to start working. Its also better in locating non-reflective vulnerabilities (i.e - XSS). Using a SAST solution, like Static Code Analysis (SCA), can help the organization build the security solution within the developer's IDE. This integration of the security into the developers environment helps treat security bugs like QA bugs, with everyone involved in the process. Learn more about application vulnerabilities in Vulnerability Knowledge Base.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Services

Why Checkmarx

Solutions For

Company

Glossary: Application Vulnerability

Application Vulnerability

Solutions

Industry

Solutions For

Services

Partners

Company

Resources

Community