The rising number of security breaches and high-profile cyber attacks has reached “epidemic” stages, according to security researchers cited by Zero Day.
According to SANS Institute security instructor Pieter Danhieux, a major part of the problem is that coders learn security practices too late in their training to be effective, resulting in security staff being unprepared for the rising tide of hacking and security breaches worldwide.
Danhieux says that coding students are taught cyber security practices late in each class, which makes it difficult for them to design programs with security as a top priority – resulting in applications with buffer-overflow and SQL injection vulnerabilities, the article says. These vulnerabilities are widely exploited, including by hacker collective Anonymous, Zero Day reports.
These were also the most fundamental mistakes made by coders a decade ago – not much has changed.
“But you can’t just say it’s just down to insecure program design,” he says in the article. “The bigger problem is still due to insecure passwords, over privileged (sic) users and poorly patched systems.”