Regardless of the size of your organization, it’s very likely that you could. Vulnerabilities, including the bug reportedly responsible for Equifax’s data breach, are still common in the open-source components that developers use to build business applications and web portals. While using these components saves time and money on the development side, unless developers perform regular security checks, their code is likely to be part of the more than 60 percent that contains vulnerabilities due to these components. What’s more, some of these vulnerabilities are over 4 years old.
In the case of Equifax, it was the use of the open-source Apache Struts that led to the exposure of over 145 million consumer records. This is the single most costly breach in corporate history, with related expenses expected to hit $275 million. Surely no one wants to join this club!
Application testing can and should be performed on custom development and web portals – especially if they are used to gather and store information. For example, many organizations use portals on their websites for clients to log in. These are prime examples of potentially vulnerable targets for a breach.