The Cybersecurity and Infrastructure Security Agency has released the first publication in its Secure by Design Alerts series to raise awareness of malicious cyber activity against web management interfaces.
CISA said Wednesday the initial document recommends that organizations implement security best practices, eliminate repeat classes of vulnerabilities in their products and align their work to Secure by Design principles to prevent the exploitation of vulnerabilities in their web management interfaces.
The Secure by Design Alerts series centers on two principles: take ownership of customer security outcomes and embrace radical transparency and accountability.
CISA’s first whitepaper under the new series builds around the first Secure by Design principle, suggesting that software manufacturers identify common patterns in software design and configuration that often lead to compromised systems.
According to the agency, software manufacturers should invest in application hardening, application features and default settings to create products that are secure by design.