Address third-party software risks.

One of the biggest risks to software applications can be third-party products or libraries. Issues in these can be common across the industry, and an attractive target for attackers.  
Why is third-party code such a risk?

Let’s think about the job of a hacker or malicious organisation. They continually research and probe software systems for security flaws, that they can then exploit for their benefit.  How do they get the biggest bang for their buck?  Is it from probing software used by one organisation (i.e. custom-built), or probing common software used by thousands of organisations?

Some of the biggest cyber news stories have come from commonly used, 3rd party software, such as the Struts 2 flaws, HeartBleed, Petya/non-Petya, and others.  Attackers found flaws in one piece of code and then used that vulnerability to attack all organisations they know are using that shared product, library, or code.

Are there many types of third-party attacks?

It could be argued that FormJacking has been one of the most successful forms of 3rd party attacks over the last few years.  For more information, see our previous article on [FormJacking].

How do organisations protect against third-party attacks in their software?

You can make great steps to remove the risk from the ever-changing third-party risk. The Uleska Platform quickly runs extensible and updated software composition analysis (SCA) testing against these known issues and is extensible to cover bespoke or new issue checks.

Vendors such as Veracode, Sonatype, and open-source checkers such as the OWASP Dependency Checker, and more, all have pre-built integrations into the Uleska Platform.  This means your security or software teams don’t have to waste time building these in manually, or even have to learn how to use these SCA tools.  Instead, they only need to turn the SCAs on in the Uleska Platform and your software changes and builds will be checked, every time, for third-party issues.

Furthermore, as Uleska co-ordinate these tools, in terms of maintenance, upgrades, etc., this is another task your security or software teams don’t need to keep on top of. 

All issues from SCA tools are stored, reported, risk analysed and monitored by the Uleska Platform, across all of your applications and teams, just like any other security issue.

Easily co-ordinate your third-party risk in a single platform.  Put security checks into place and ensure they are run every time and have easy access to the dashboards and associated risk - automatically.


Tags:

Continue reading

Subscribe to our newsletter for great cyber security resources and news.

No spam!