• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Veracode Report Slams Developers for Crypto Implementation Failures

Updated on Jun 29, 2015 by Guest Authors

While the most common cause of data breaches affecting the public and private sector is often the shortcomings on the part of an end user, developers also have a share of liability for what brings about this cyber incident.

According to a new Veracode report, most developers do not have sufficient expertise to implement encryption in their products. As a result, cryptographic keys are more often than not easy to decode for attackers.

encryption

For most of data breach incidents, encryption issues are one of the vulnerabilities that have a serious impact on applications across various sectors and industries. In particular, cryptographic flaws involve wrong Transport Layer Security certificate validation, sensitive data stored as a text, unencrypted information, and hard-coded cryptographic keys, among others.

Both mobile apps and Web-based applications were affected by this shortcoming on the part of developers, although there are quite some level of differences as to the number of apps in each platform affected.

Although most applications used by many companies and organizations need to have encryption embedded in them to comply with data security laws, some developers are putting it in their products in a lax manner, according to Veracode.

Part of the problem is the lack of cryptography training for many developers. That’s why they have a poor understanding about security, Veracode said. It is no small issue, therefore, that a lot of applications with encryption components could be relied on to effectively counter attacks.

Then there is the lack of standardization as some developers develop their own encryption algorithms, mostly by not following standard cryptographic application programming interfaces offered by Java or some other widely used programming languages.

It is highly recommended that programmers first review the certificates with thorough care, secure encryption keys and implement hard-to-crack pseudo-random number generators. What is needed here is proper education for developers to help them gain insights into the dire consequences of not implementing a robust encryption.

From the point of view of other security experts, complex crypto libraries are also part to blame for this encryption issue. That is so because of the gap in language. Crypto libraries are natively developed for cryptographers, not for developers.

So it is not only a matter of educating developers, but also designing cryptographic software in a way that is easy to understand for developers as well. Then it would be smoother to implement robust encryption without taking the extra mile of understanding cryptographic languages.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 · All Rights Reserved