2015: Security Risk! Building Web Applications Using Pre-Built Parts!

There is almost nothing but good to say about pre-built parts, add-ons, extensions and frameworks when it comes to building a web application. Why reinvent the wheel when you can use proven parts?

However, when it comes to using tools such as:

jQuery
Zepto
Snack
$dom
xui
Joomla
Drupal
WordPress
DHTMLX
ProcessWire
concrete5
ImpressPages CMS

… and even smaller plugins such as the famous (or infamous) FCKeditor (now called CKEditor) …

there are major reasons why such software should be carefully updated and patched regularly. Why?

– Software contains inherent flaws that will be exposed over time. If software is not supported by a paid team or a large community, it will eventually be found to contain security vulnerabilities.

– All of the products listed above, free to varying degrees, have had severe vulnerabilities. Joomla may be the worst culprit, but this is open to interpretation.

How do you remediate these risks?

1. Know what you have bought.
2. Know what you are using (open source or otherwise).
3. Review the code you have written.
4. Review the code that interacts with points #1 and #2. Ensure that this connecting code is up to date and secure.
5. Have a plan in place to regularly review the above items so that you are ironclad against threats such as new ‘in-the-wild’ exploits and employee attrition (which leads to a loss of knowledge about your IT assets and general confusion).
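As an added example (not code from the original post), here is a small Python inventory script for steps 2 and 5: it recognises two of the listed components by their real version markers (the jQuery banner comment and the WordPress plugin header fields), builds an inventory of what is deployed, and flags anything below a version floor you set. The sample files and the floor values are constructed placeholders, not vulnerability data.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample files, standing in for a crawl of a web root. The jQuery
# banner uses the real "/*! jQuery vX.Y.Z" convention and the plugin file uses
# the real WordPress "Plugin Name:" / "Version:" header fields.
SAMPLE_ASSETS: Dict[str, str] = {
    "assets/js/jquery.min.js":
        "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n"
        "!function(a,b){a.jQuery=b}(window,{});\n",
    "wp-content/plugins/contact-widget/contact-widget.php":
        "<?php\n/*\nPlugin Name: Contact Widget\nVersion: 2.1.0\nAuthor: example\n*/\n",
    "assets/js/app.js": "// in-house code: no banner, so not a pre-built part\n",
}

# Assumed policy floors (placeholders set by your own patch review, not
# vulnerability data): anything below these is flagged for review.
MINIMUM_VERSIONS: Dict[str, str] = {"jQuery": "3.0.0", "WordPress plugin: Contact Widget": "2.0.0"}

JQUERY_BANNER = re.compile(r"/\*!\s*jQuery\s+v(\d+(?:\.\d+)+)")
WP_NAME = re.compile(r"^\s*\*?\s*Plugin Name:\s*(.+?)\s*$", re.MULTILINE)
WP_VERSION = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)

def identify(content: str) -> Optional[Tuple[str, str]]:
    """Return (component, version) if the file is a recognised pre-built part."""
    m = JQUERY_BANNER.search(content)
    if m:
        return "jQuery", m.group(1)
    name, version = WP_NAME.search(content), WP_VERSION.search(content)
    if name and version:
        return "WordPress plugin: " + name.group(1), version.group(1)
    return None  # unrecognised: treat as code you wrote (step 3), not step 2

def version_key(v: str) -> Tuple[int, ...]:
    """Numeric tuple so '1.12.4' sorts before '3.0.0' (string order would not)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def build_inventory(assets: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Step 2: map each path to the component and version found in it."""
    found = {path: identify(body) for path, body in assets.items()}
    return {path: hit for path, hit in found.items() if hit}

def below_floor(inventory: Dict[str, Tuple[str, str]],
                minimums: Dict[str, str]) -> List[str]:
    """Step 5: paths whose component is older than the agreed minimum version."""
    return sorted(path for path, (name, ver) in inventory.items()
                  if name in minimums and version_key(ver) < version_key(minimums[name]))
```

Run it against a real web root by replacing SAMPLE_ASSETS with the files read from disk; unrecognised files are the ones step 3 (reviewing your own code) has to cover.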

Jock
