Application Vulnerabilities Remain The Achilles Heel
Application-level vulnerabilities have caused far more data breaches in recent years than any other vector. Equifax, too, blamed its intrusion on an application security issue, but the company has not specified exactly what it was. Baird Equity Research, however, identified the issue as a known security flaw in the open-source Apache Struts framework for Java apps.
If accurate, the report would confirm the consensus opinion among most security analysts that the application vulnerability was something Equifax should certainly have known about and been protected against.
The dangers posed by buggy web applications - and the sheer number of vulnerable applications out there - are both well understood. The Open Web Application Security Project's (OWASP's) list of top web application security vulnerabilities has included more or less the same issues for the past several years - meaning that people have had enough time to address them.
Yet, as breaches like the one at Equifax have kept highlighting over the years, clearly many are not paying heed.
(Image Source: Stuart Miles via Shutterstock)