The Latest Tripwire News
Product and Solution Information, Press Releases, Announcements
Tripwire Research Reveals Danger of Using Freelance Web Developers
Posted: Wed Jun 07, 2017 11:22:33 AM
Research team finds websites built by freelance developers plagued with critical security failures
PORTLAND, Ore. – June 7, 2017 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today released findings from research investigating the dangers of turning over web development to an unqualified third party. Specifically, the research revealed that websites developed by “budget” developers, without portfolios or references, tend to be plagued with critical security failures.
For this project, the Tripwire Vulnerability and Exposure Research Team (VERT) took on a non-technical persona and hired nearly 20 developers to create a website, with bids going up to $250. Each developer’s sole job would be to provide source code for a website with specific required functions, utilizing a particular technology stack, in nine days.
Tripwire VERT wanted to identify backdoors, hard-coded passwords and vulnerabilities within each website. Of the 17 commissioned projects, 10 websites were completed and purchased.
VERT found that every website had critical security failures. Some notable findings were:
“It came as no surprise to find that every single website was plagued with critical security failures,” said Craig Young, principal security researcher at Tripwire. “The process was riddled with communication issues and questionable practices from beginning to end.”
“If this were a real business project, it would have run over budget, past the deadline and have been very difficult to manage. On top of all that, the customer would have been left with an insecure website,” Young added. “We cannot reasonably expect data breaches to decrease if websites built by developers are not made with basic security measures built in.”
While Tripwire VERT does not recommend relying on low-budget freelance site development, here are a few tips to consider when it is necessary:
During the Project
The full research report can be found here: https://www.tripwire.com/state-of-security/featured/vert-research-security-review-freelance-web-development/