(ISC)² Study Results
Application vulnerability was ranked as the number one threat by over 72% of over 10,000 respondents in the 2011 (ISC)² Global Information Security Workforce Study. With attackers focusing their efforts on the application layer to steal corporate data, there is rising interest among professionals in developing skills in secure software development. (ISC)² has announced that over 1000 professionals from over 44 countries now hold its Certified Secure Software Lifecycle Professionals (CSSLP) certification. The CSSLP is the only code-language neutral certification that validates that professionals are qualified and capable of incorporating security into each phase of the software development lifecycle. Recognition of the problem, and of the ensuing need for certified secure software lifecycle development skills, is increasing in enterprises too. For instance, over the last three years, Symantec has invested in developing a CSSLP-certified workforce of software security professionals to address the application security threat. In addition, there is growing interest from software security leaders in the industry in helping to tackle the skills gap in secure software development. Five security experts from distinguished organisations including ArcelorMittal, Open Web Application Security Project (OWASP), Express Certifications and MITRE have joined (ISC)²'s Application Security Advisory Board, which was formed last year to create awareness of insecure software development and devise measures to overcome the challenge. www.isc2.org
Webinjects For Sale
New research from Amit Klein, Trusteer's CTO, has found that cybercriminals have been busy developing webinjects for Zeus and SpyEye to orchestrate and develop malevolent attacks against certain brands. The full details are below, but here is a quick summary: Webinjects are malware configuration directives that are used to inject rogue content into the web pages of bank websites to steal confidential information from the institution's customers. Webinjects are being offered for sale on many open internet forums, and developers are earning a decent income from selling the Zeus/SpyEye webinjects service to an increasingly diverse customer base.
From the advertisements we've seen, there are multiple targets, including British, Canadian, American, and German banks. Worryingly, the prices are pretty reasonable.
According to the website advertisements: One webinject pack...