Verizon recently came out with a great analysis of thousands of security breaches. Here’s what fascinated me most:
“The universe of threats may seem limitless, but 92% of the 100,000 incidents we’ve analyzed from the last 10 years can be described by just nine basic patterns.”
– Verizon’s 2014 Data Breach Investigations Report
Those nine patterns are:
- Point-of-sale intrusions
- Web app attacks
- Insider and privilege misuse
- Physical theft and loss
- Miscellaneous errors
- Crimeware
- Payment card skimmers
- Denial of service
- Cyber-espionage
Within the realm of web application security, Verizon has done a nice job of highlighting some important basic controls that can improve your application’s security.
- Single-password fail
- Rethink CMS
- Validate inputs
- Enforce lockout policies
- Monitor outbound connections
You can download the report without registering. Pour yourself some coffee, sit down, and read it. We’re all better off if our technology is more secure.