Application Security Taking Center Stage for Retailers
3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can provide hackers with loopholes and vulnerabilities that may bring an entire system down. It's highly recommended to create a list of guiding security principles for new projects, while maintaining a list of recommended software frameworks and components can help developers and security staff alike.
4. Pick whitelisting over blacklisting and use prepared statements. Use whitelist validation on user input by defining the requests the application allows. This will help sift out malicious input that can exploit underlying vulnerabilities and loopholes. Also, using prepared statements for web application database queries can significantly reduce the risk of SQL injection attacks.
5. Eliminate secure socket layer (SSL) vulnerabilities. SSL protocol ensures the encryption of communications in the application layer. SSL-compliant POS applications use a server certificate to authenticate the server and ensure safe data communication. Applications can face serious security issues when using outdated or misconfigured SSL versions.
The Future of Retail Security
As retailers computerize their businesses and use complex applications, security risks are rising exponentially. This requires a proactive approach to application development strategies, which should revolve around security standards for platforms involving credit card data and financial transactions.
Security requirements should be treated as checkpoints in the development process that can be set during the coding stage, within the source code repositories and during the QA process. Also, safe coding practices are effective in eliminating vulnerabilities and avoiding resource-consuming post-production maintenance.
Traditional security tools (e.g., firewalls) are becoming increasingly ineffective in fighting hackers. A comprehensive security strategy for applications that focuses on secure coding practices and the creation of a secure SDLC can help prevent future incidents within the booming retail industry.
Asaph Schulman is the vice president of marketing at Checkmarx, a provider of code analysis tools, static code analysis and software code analysis.