Application Protection Research Series—Summary 2nd Edition
- by nlqip
Viewed in this way, our research illuminates some interesting aspects of the current state of security. In 2018, to the extent that new attack techniques and approaches emerged, it was largely in response to changes in how organizations design, create, and manage applications. The context that makes old attack techniques like injection and phishing newly relevant is the pattern of decentralization and disintegration that applications have been experiencing over the last few years. While this trend offers business advantages for organizations, it also transfers known risks into relatively less well-known or well-understood forms that the industry will take time to process.
In other words, attackers have not needed to come up with new tricks. They were able to wait until application owners changed things, usually in the direction of greater complexity and abstraction, and then exploit the resulting visibility challenges using slightly modified versions of attacks that are already well-known and understood. This is why formjacking, API hacking and phishing have the prevalence that they do today.
Source link
lol
Viewed in this way, our research illuminates some interesting aspects of the current state of security. In 2018, to the extent that new attack techniques and approaches emerged, it was largely in response to changes in how organizations design, create, and manage applications. The context that makes old attack techniques like injection and phishing newly…
Recent Posts
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
- How to reduce cyber risk during employee onboarding
- Germany seizes 47 crypto exchanges used by ransomware gangs
- Police dismantles phone unlocking ring linked to 483,000 victims
- Ahead Adds Former Google Cloud VP To Board To ‘Fuel’ AI, Hybrid Cloud