Trend Report: Binary Leaks
Our team of CSAs has conducted a series of tests to document the current state of security of applications provided by governments in different Spanish-speaking countries. We carried out a general review of potential weaknesses in software development and of how the lack of adequate security controls could be exploited by attackers. We discovered everything from passwords to databases that should not be public.
Programs provided by governments should implement (as much as, or more than, any other software) appropriate security controls to safeguard the confidentiality, integrity, and availability of information. These programs support citizen information management processes such as customs or tax formalities, financial and accounting management, public administration, educational services, electronic invoicing, data related to the hospital and health sector, DNI (electronic signatures), and many others that may contain sensitive information about the citizen.
We performed a general analysis of the applications (binary files) that government organizations make available on their websites for citizens to download and install on their computers.