The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior.) One such class of insider attack is malicious code added during development that allows for future exploitation. Advanced static analysis tools can detect these within source and binary code before they get shipped to customers. In addition to existing detection for security vulnerabilities, this paper also talks about specific security vulnerability checks to detect certain insider attacks.
Other content on this topic
Thwarting Insider Attacks with Advanced Static Analysis
INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...
Thwarting Insider Attacks with Advanced Static Analysis
INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...
VDC Research Highlights Cybersecurity Concerns in Industry 4.0
Security concerns should guide decisions from the earliest stages through the full software development lifecycle in order to safeguard the Industry 4.0 architecture.
Enhancing Code Reviews with Static Analysis
INTRODUCTION: Code reviews (or inspections) are an effective way to reduce defects in software projects. In fact, defect removal rate can be as high as 75%, meaning two thirds of all...
The Economics of Static Analysis Tool Usage
INTRODUCTION: The most effective tool is one that reports a good number of true positives, without too many false negatives, without consuming too much compute...
VDC finds IoT fueling faster software development but with greater requirements for security protection
INTRODUCTION: VDC’s recent report “Software Assembly Practices Necessitate More Precautions” highlights a significant software challenge for IoT device manufacturers. A majority of...
What is Taint Checking?
Taint checking? This isn't a trap, I promise. It sounds vulgar, but its etymology is perfectly reasonable, stemming from the notion that data that has been "tainted" by a...
The Human Internet of Things (HIoT)
Being in the marketing department at a cyber-security research firm, I'm often struck by how little the average person worries about cyber security. Friends and strangers who ask me...
Using Static Analysis to Improve IIoT Device Security
INTRODUCTION: The Industrial Internet of Things is unique in that devices that compose industrial control systems are often insecure due to limitations in their design and capability....
Tackling the Software Development Challenges of the Industrial Internet of Things (IIOT)
INTRODUCTION: The Internet of Things is coming to industrial systems in a big way (the “IIOT”). But IIOT isn't just IOT with an extra 'I' -- industrial systems differ greatly in...
How Vulnerable Are You?
INTRODUCTION: The promise of static analysis is compelling but our most frequently-asked question is, "Where do we start?" Security is a top-of-mind concern, so we are also frequently...
2:32CodeSonar's Visual Tainted Data Analysis
CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.
An Ounce of Prevention: Software hardening for securing IoT devices
INTRODUCTION: Every IoT and embedded device manufacturer endeavors to field secure and safe products. However, even with the robust development processes, it's difficult to ensure...