Last week a hacker known as “w0rm” attacked the Wall St. Journal website. W0rm is a hacker (or group of hackers) known to infiltrate news websites, post screenshots on Twitter as evidence, and solicit the sale of database information and credentials. Information stolen from the site would let someone “modify articles, add new content, insert malicious content in any page, add new users, delete users and so on,” said Andrew Komarov, chief executive of IntelCrawler, who brought the hack to the attention of the Journal.
Security is a major issue that’s highlighted by the rising number of multi-million dollar computer outages and security breaches in the news today. The breach of the Wall St. Journal website was the result of a SQL injection into a vulnerable web graphics system. Since the 1990’s the IT community has been talking about SQL injections (which are relatively simple to prevent) yet input validation issues still represent the significant majority of web application attacks.
At CISQ we’ve gathered hundreds of IT organizations, system integrators, outsourced service providers, and software vendors to create global standards for software quality, including metrics to measure and manage security, reliability, performance, and maintainability.
At the upcoming CISQ Seminar, “Measuring and Managing Software Risk, Security, and Technical Debt” on September 17, our experts will discuss technical liability and security weaknesses.
We’ll have Robert Martin, an expert from The MITRE Corporation, a not-for-profit organization that operates research and development centers sponsored by the federal government, to discuss the latest developments in the national cyber-security community. Robert Martin is co-creator of the Common Weakness Enumeration (CWE), a list of common software weaknesses that serves as a reference to developers and organizations building and purchasing applications. The CWE helps us identify and communicate vulnerabilities in code, design, or architecture. Robert Martin leads the CISQ working group on security.