Data breaches, data leaks, web defacements: Why secure coding is important

Abstract

On last December 2014, Security brokers (SB)—“Targeted Threats Team”—successfully completed a full analysis, which started back on January 2013, operating over 24 months of deep research and data correlation. Analyzing those main and biggest security incidents and data breaches occurred over the last ten years, starting from the faraway year 2004. The lesson learned was quite impressive and may somehow shake the modus operandi and the mental approach we are used to. This paper aims to recap those key points emerged from that research project, and those new logics we should internally apply within our organizations over the next months and upcoming years. This paper aims to provide, on its first section, the so-called big picture toward those main threats linked with information theft and leaks, and Web defacements, along with those consequent impacts on organizations, through keywords such as Cyber Intelligence, both from open and from closed sources. The second section of the paper provides a general overview of the importance of the so-called secure programming and on those typical mistakes that pop-up when running security testing projects, and advanced penetration testing activities, toward Web applications.