Link between hacking and source code security

People mostly link hacking to application security, and do not necessarily go one step further and link it to source code security. To understand this link better, we need to look at recent hacking incidents, the related statistics, and the lessons they hold.

We live in an increasingly digitized world where everything is done through devices and applications using the Internet. Though overall this has eased our lives and made them more convenient, the associated risks have also increased. A PwC report ranked cybercrime as the second most reported economic crime of 2016. The report further states that 32% of organizations were affected, while only 37% of organizations have a cybercrime incident response plan. Interestingly, it also states that many respondents did not even know whether they had been compromised or not.

All these statistics prove that organizations are learning their lessons, but rather slowly and the hard way, after compromising information, security and reputation, not to mention the associated damage control costs.

Recent hacking attacks

It appears that we see news of hacking attacks almost every day now. When even the recently concluded United States Presidential elections were linked to Russian hacks aimed at a Trump win, you realize how serious the problem has grown to be.

There were a few major incidents in India. A developer hacked the Prime Minister's app, apparently with the intention of exposing security loopholes and showing how easy it was to hack. The Twitter accounts of the Indian National Congress's Vice President and of his party were also hacked, and some damaging content was posted. Even the banks had a tough time, as around 32 lakh debit cards across many banks were compromised through malicious software placed in ATMs.

One of the worst known cyber attacks, which resulted in an outage in most parts of the United States and Europe, happened on 21st October last year. It caused temporary shutdowns of websites like Twitter, Airbnb, Netflix, Reddit etc. This was done by attacking the servers of Dyn, which holds a large share of the Internet's DNS servers.

We are all familiar with the Yahoo user accounts being hacked twice over the course of last year. Even the social media accounts of Facebook founder Mark Zuckerberg were hacked. Cybercrimes, therefore, are here to stay and are on the rise. The key is to understand why the hacks happen and to plug the holes properly.

Source code security

Almost all hacks happen because attackers are able to find vulnerabilities in the source code and weak or stolen passwords. According to a Gartner report, almost 75% of the successful hacks made on applications exploited well-known vulnerabilities which could easily have been plugged or fixed.

This is where source code security comes in. Source code security can be achieved by using static code analyzers that scan the code for potential vulnerabilities. A whole host of vulnerabilities can be scanned for and fixed early on, during software development itself.