The recent Equifax data breach may have exposed Personally Identifiable Information (PII) on over 143 millions Americans.
It appears that this breach was caused by a Struts vulnerability – which allows a remote user to run code on a site. This vulnerability would be categorized under #9 of the OWASP Top 10 list of the Most Critical Web Application SecurityApplication security is the protection of software applications from cyber threats and vulnerabilities. Policies are established to guide the development and deployment of applications in a secure manner. Procedures are created to detail the steps necessary to secure applications and to ensure that policies are consistently followed. Training is provided to developers and other personnel to ensure that they understand the policies and procedures and are able to apply them effectively. By implementing policies, procedures, and training in SPIO, organizations can reduce the risk of cyber attacks on their applications and protect sensitive data from theft or damage. Risks.
Matt Konda, Jemurai CEO & OWASP Global Chair, created a short video training for developers, where he shares his thoughts on mitigating this vulnerability.
Check it out:
Mitigating the Vulnerability Widely Thought to Have Caused the Equifax Breach from Jemurai on Vimeo.