Application Security Taking Center Stage for Retailers


August 20, 2014

The interconnectedness and rapid development of mobile technology are reshaping the consumer market. Retailers now reach mobile customers through fully computerized systems driven by complex applications, and those applications have introduced serious security flaws into the ecosystem: flaws that can harm customers and financial institutions alike and put entire retail chains at risk. Attackers increasingly exploit vulnerabilities in insecure web applications using tools that are freely available online, and the result has been a string of high-profile breaches.
In the past year, serious breaches at multinational corporations have called retail software security into question. The most damaging of these, the Target breach of late 2013, began with network credentials stolen from a third-party vendor whose access to Target's systems had not been adequately restricted; the attackers then planted memory-scraping malware on point-of-sale systems. Roughly 40 million payment card numbers were captured at the point of sale, about 70 million customer records containing names, mailing addresses and email addresses were taken from a separate database, and a reported 2 million of the stolen cards were resold on the black market. Similar attacks struck retail giant Neiman Marcus and the restaurant chain P.F. Chang's, leading to unauthorized credit card activity and consumer data theft.

Five Ways Retailers Can Secure Applications

1. Implement safe coding practices. These practices require specialized training for developers and security staff, but they save an organization time and resources over the life of the product. Safe coding includes reusing tested, vetted code for common tasks rather than writing new implementations, calling well-defined APIs built for each system task instead of ad hoc constructs, and serializing access to shared resources so that concurrent requests cannot race each other into an inconsistent state.
2. Create a secure software development life cycle (SDLC). Retail applications can only be secured reliably if they are built within a secure SDLC. With testing tools such as source code analysis integrated into the development stages, vulnerabilities are found and fixed early, when they are cheapest to correct. This is a cost-effective and resource-friendly strategy.
3. Scrutinize off-the-shelf frameworks and open source components. Third-party elements can hand attackers loopholes and vulnerabilities capable of bringing an entire system down. It is highly recommended to define a set of guiding security principles for new projects and to maintain a list of vetted, recommended software frameworks and components; both help developers and security staff alike, and the list should be kept current as components are patched or deprecated.
4. Pick whitelisting over blacklisting and use prepared statements. Validate user input against a whitelist that defines exactly what the application accepts, and reject everything else; a blacklist of known-bad patterns will always lag behind the attacker. Whitelist validation sifts out malicious input that would otherwise reach underlying vulnerabilities. In addition, use prepared (parameterized) statements for web application database queries: the query structure is fixed before the input is bound, so the input is never parsed as SQL, which significantly reduces the risk of SQL injection.
5. Eliminate secure socket layer (SSL) vulnerabilities. SSL, and its successor TLS, encrypts application traffic in transit. SSL-compliant POS applications rely on a server certificate to authenticate the server and protect the data exchanged with it, but that protection only holds if the client actually validates the certificate chain and checks the hostname. Applications face serious security issues when they run outdated protocol versions, weak cipher suites or a misconfigured client that skips certificate verification.
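
The following is an added example, not code from the original article, illustrating point 4. It builds a small in-memory SQLite catalogue from constructed sample rows (the table, SKU format and product names are assumptions for illustration), shows a deliberately vulnerable lookup that concatenates user input into the query, and contrasts it with a hardened lookup that first applies a whitelist (allowlist) pattern to the input and then runs a prepared statement.

```python
import re
import sqlite3

# Constructed sample data (not from the article): a tiny product catalogue.
SAMPLE_ROWS = [
    (1, "SKU-1001", "Espresso machine", 249.00),
    (2, "SKU-1002", "Milk frother", 39.99),
    (3, "SKU-1003", "Coffee grinder", 89.50),
]

# Whitelist: a valid SKU is exactly "SKU-" followed by four digits.
# The format is an assumption for this example; a real application would
# derive it from its own catalogue rules.
SKU_PATTERN = re.compile(r"^SKU-\d{4}$")


def make_db():
    """Create an in-memory catalogue populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, sku TEXT, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, sku):
    """Deliberately vulnerable: the user-supplied SKU is spliced into the
    query text, so SQL metacharacters in the input change the query."""
    query = "SELECT sku, name, price FROM products WHERE sku = '%s'" % sku
    return conn.execute(query).fetchall()


def validate_sku(sku):
    """Whitelist validation: accept only input matching SKU_PATTERN."""
    if not SKU_PATTERN.match(sku):
        raise ValueError("rejected SKU: %r" % sku)
    return sku


def lookup_hardened(conn, sku):
    """Whitelist check first, then a prepared statement. The '?' placeholder
    is bound by the driver, so the value is never interpreted as SQL."""
    sku = validate_sku(sku)
    query = "SELECT sku, name, price FROM products WHERE sku = ?"
    return conn.execute(query, (sku,)).fetchall()


def demo():
    """Run the classic tautology payload against both lookups.

    Returns (rows leaked by the vulnerable query, whether the whitelist
    rejected the payload, rows returned when the same payload is bound as
    a parameter without any validation at all).
    """
    conn = make_db()
    # Payload closes the string literal and appends an always-true clause.
    payload = "x' OR '1'='1"
    leaked = lookup_vulnerable(conn, payload)  # every product is returned
    try:
        lookup_hardened(conn, payload)
        blocked = False
    except ValueError:
        blocked = True
    # Even if validation were skipped, a bound parameter is compared as a
    # literal string, so the payload matches no row.
    bound = conn.execute(
        "SELECT sku FROM products WHERE sku = ?", (payload,)).fetchall()
    return len(leaked), blocked, len(bound)


if __name__ == "__main__":
    print(demo())
```

The two defences are complementary: the whitelist rejects input that has no business reaching the database, and the prepared statement guarantees that whatever does reach it is treated as data, not as part of the query. Relying on either one alone leaves a gap, for example a whitelist that is loosened later, or a parameterized query in one code path and string concatenation in another.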

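As an added example for point 5 (not code from the original article), the block below uses Python's standard `ssl` module to show a weak client configuration next to a hardened one, plus a small audit function that flags the settings a POS client should never ship with. The check list (certificate verification, hostname checking, a TLS 1.2 floor) is the author's choice for this example; the `connect_to_server` helper, the hostname argument and the port are placeholders and are not called anywhere.

```python
import socket
import ssl


def insecure_context():
    """The weak configuration, shown only as the 'before' case: the client
    accepts any server certificate, ignores the hostname, and allows the
    oldest protocol version the underlying library still supports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # no certificate validation at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context():
    """The corrected configuration: create_default_context() enables
    CERT_REQUIRED, hostname checking and the platform CA store; on top of
    that, refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client SSLContext; an empty list
    means the context passes every check in this example's list."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 accepted")
    return findings


def connect_to_server(host, port=443):
    """Illustrative only (never called here): open a verified TLS connection
    to a hypothetical payment gateway using the hardened context. The
    server_hostname argument is what makes hostname checking possible."""
    ctx = hardened_context()
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

The audit function is the piece worth keeping: run it over every `SSLContext` an application constructs, in a unit test, so that a developer who disables verification to get past a self-signed certificate in staging cannot ship that change to production unnoticed.
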
The Future of Retail Security

As retailers computerize their businesses and depend on increasingly complex applications, the security risk they carry grows with every new integration. This calls for a proactive approach to application development, built around the security standards that govern platforms handling credit card data and financial transactions.
Security requirements should be treated as checkpoints in the development process: enforced during coding, in the source code repositories (for example, by blocking merges that fail analysis) and again during QA. Safe coding practices eliminate vulnerabilities before release and avoid the far more expensive post-production fixes.
Traditional perimeter tools such as network firewalls are becoming increasingly ineffective on their own, because they cannot see the application-layer flaws that attackers now target. A comprehensive application security strategy that focuses on secure coding practices and a secure SDLC can help prevent future incidents in the booming retail industry.
Read the original article at Retail Online Integration here
