The 5 most common types of vulnerabilities according to Trend Micro

Trend Micro uncovers the most common software and system vulnerabilities that are nightmares for enterprise DevOps teams.

One of the benchmarks for cybersecurity solutions, Trend Micro, reviewed the most common vulnerabilities. These flaws, with which DevOps (development and operations) teams in companies around the world are learning to live, are growing exponentially. Detected threats increased by 42% in 2021 according to Trend Microwith an intensity of cyberattacks stronger than ever.

Vulnerabilities that rely on the lack of vigilance of developers

First of all, Trend Micro draws our attention to “legacy vulnerabilities”, which arise from the use, for the creation of certain modern software, of open source libraries and codes (80% of code bases are based on open source code or libraries), which can sometimes contain vulnerabilities, which applications then inherit directly.

Vulnerabilities may vary by language or framework (software infrastructure) of development, and this is where you have to be very careful, since some languages ​​can rely on libraries which, themselves, depend on libraries which create a dependency that is difficult to detect or control. Trend Micro recommends performing an automated vulnerability scan, such as software composition scanning, ” which helps detect and fix known vulnerabilities in direct and transitive dependencies “.

Another vulnerability and not the least: that of the software supply chain (or Software supply chain). This particularly sensitive chain consists of all the end-to-end components that allow you to write software. The risk lies in the successive stages of this chain: source string control, code, packages, other dependencies, etc. Developers are sometimes tricked into being provided with a malicious version of an application with a similar name, for example, in the hope that the developer is using it by mistake. Here too, an automatic code analysis and vulnerability detection solution can help the developer to anticipate the malicious act.

Trend Micro advises companies to apply the principle of “least privilege” for their DevOps teams

Next, Trend Micro identified the code injection (or remote code execution) vulnerability, which is historically one of the most common. It occurs when a flaw allows a hacker to introduce his own code, provided he knows the programming language, the framework or the operating system used by the application. Attackers can then inject code using a text input field (of a form), to force the server to respond to the hackers’ wish. This vulnerability can then be used to take control of a device remotely. To protect against this, it is a good idea to use a source control code analysis tool, which is very useful during the DevOps construction phase.

Another well-known vulnerability is that of authorization and access. It’s a real vicious circle, since you have to make sure to limit the number of people, within the DevOps team, who will have high administrative access rights. Because the larger this number, the larger the vulnerable attack surface. ” It is best to tightly regulate access to systems and permissions to perform specific actions “, Explain Trend Micro. If the hacker manages to exploit an access control security vulnerability, the consequences can be dramatic, including escalation of privileges, unauthorized content exposed, or distributed denial of service. It is therefore better, when creating an application, to apply the principle of “least privilege” within DevOps teams, to mitigate risks. Clouds like Azure or AWS offer these suitable identity services.

At last, Trend Micro wanted to bounce back on a fifth common vulnerability: that of the security configuration error. Whether the error hits code, infrastructure, or other critical services, exploited vulnerabilities have consequences. Regardless of location (work or home), the strain on the Cloud is pushing more and more organizations to store certain sensitive files on public platforms like GitHub, which can compromise a business. All information that can be used for identification must therefore be stored in Azure Key Vault or Terraform Vault type safes, which protect the secrets used by certain services, in order to mitigate the risk.

Source: Trend Micro