Organizations are becoming increasingly aware of the importance of secure coding. Secure coding applies software development principles that minimize the introduction of vulnerabilities into software applications. One of the most common software vulnerabilities is insufficient input validation, which accounts for 50 percent of the most critical vulnerabilities reported to the National Vulnerability Database from 2011 to 2015. Poor input validation is a decades-old challenge: it is believed to have caused a glitch in a medical device during the 1980s that resulted in patients being over-radiated. A failed space launch (including ten years of lost productivity) was also blamed on this same issue and resulted in a $7 billion loss.

In this webinar, AIS's Thomas Dube will showcase an input validation failure by demonstrating a known command injection vulnerability (CVE-2015-5083) in an open-source firewall application. Thomas will then discuss methods of input validation and demonstrate AIS's efforts to reduce the likelihood of this critical vulnerability.