TMCnet News
Tripwire Research Reveals Danger of Using Freelance Web DevelopersTripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today released findings from research investigating the dangers of turning over web development to an unqualified third party. Specifically, the research revealed that websites developed by "budget" developers, without portfolios or references, tend to be plagued with critical security failures. For this project, the Tripwire (News - Alert) Vulnerability and Exposure Research Team (VERT) took on a non-technical persona and hired nearly 20 developers to create a website, with bids going up to $250. Each developer's sole job would be to provide source code for a website with specific required functions, utilizing a particular technology stack, in nine days. Tripwire VERT wanted to identify backdoors, hard-coded passwords and vulnerabilities within each website. Of the 17 commissioned projects, 10 websites were completed and purchased. VERT found that every website had critical security failures. Some notable findings were:
"It came as no surprise to find that every single website was plagued with critical security failures," said Craig Young, principal security researcher at Tripwire. "The process was riddled with communication issues and questionable practices from beginning to end." "If this were a real business project, it would have run over budget, past the deadline and have been very difficult to manage. On top of all tat, the customer would have been left with an insecure website," Young added. "We cannot reasonably expect data breaches to decrease if websites built by developers are not made with basic security measures built in." While Tripwire VERT does not recommend relying on low-budget freelance site development, here are a few tips to consider when it is necessary: Before Hiring
During the Project
Upon Completion
The full research report can be found here: https://www.tripwire.com/state-of-security/featured/vert-research-security-review-freelance-web-development/ About Tripwire Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire's portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at www.tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter (News - Alert) @TripwireInc.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170607005005/en/ |