Sunday, 10 July 2011
Terminator and Hacker are somewhat similar: they both look cool and, more important, they both come from the future.
When we build an application, we build it today and fix all the vulnerabilities we know about as of today. However, hackers will attack it tomorrow, or next week, or next year, with techniques that we may not even have heard of today.
I initially worked for Fortify as a Security Consultant in Asia, and in four years I only saw a few customers who had streamlined processes to handle applications in “maintenance” mode. The easy part is to set up a process that uses the latest version of Fortify SCA with the latest rules to scan “maintenance” applications on a regular basis, even if there has been no change in the program code. The difficult part is to make sure there is always “someone” responsible for taking appropriate action, or for fixing the code if needed.
The same logic applies to real-time protection as well. For instance, in February Fortify released a special runtime rule for Fortify RTA to protect Java applications from a new type of DoS attack. But unless you have updated your rules, Fortify RTA cannot stop hackers from using this attack to “Terminate” you.