Failure to check code before it's deployed
Certain risks will stay strong unless businesses change their behavior, says Kelley. Injections, which she explains is a popular vector of attack, have been a known vulnerability type for fifteen years. They will continue to pose a threat to businesses in 2017.
With injections, the problem isn't coding, she explains, but a lack of understanding among developers on how to validate input. They need to understand what the vulnerabilities are, code robust software, and test it before deployment.
By testing code, businesses can remove vulnerabilities before deploying apps and software, says Kelley. IT and security pros can help developers by providing education and giving them tools to establish apps before they're launched.
(Image: ESB Professional via Shutterstock)