Ten Ways Automated Modernization can Improve Application Security


The recent successful and attempted attacks on critical government legacy information systems at the Office of Personal Management and the IRS have provided a stark reminder of just how vulnerable these older systems are. Commercial systems are not immune to criminal and foreign agencies either, and in fact, may have more to lose in the near term in lost revenue, IP theft, negative branding, and the scandals lingering often for years. Sony, Anthem, Banner Health, Home Depot and many others can testify to this fact.

Cybersecurity advances try to keep pace with prevention of these attacks. However, while there are many security benefits and cybersecurity tools for applications written in modern languages like Java and C#, legacy systems (written in COBOL, Assembly, PowerBuilder, Ada, Fortran, and other older languages) suffer from many vulnerabilities. 

Automated Modernization is the use of a fully automated toolset to convert legacy applications, databases, and user interfaces into modern target languages and architectures of a client’s choice. This model-based transformation approach offers unique and effective solutions for many of the common security flaws present in these legacy systems. Read on to learn 10 ways your organization can use automated modernization to stay cyber-safe.

  1. Attackers have been thinking about how to breach and exploit older languages for many years. Moving to modern languages removes the opportunity to use old, trusted exploits.
  2. Automated modernization can move your system from a weakly-typed to strongly-typed language, removing vulnerabilities associated with non-explicitly called data types.
  3. Using information from code scanners like Fortify, SONAR, CAST, or other tools, model-based refactoring can use automation to remediate defects and flaws wherever found in the application code.
  4. Modernized applications can take advantage of new security and authentication procedures like LDAP.
  5. When code-level defects are identified in new attacks, automated refactoring can rapidly take in modern languages like Java and C#, and make pattern-based changes to eliminate the vulnerability. 
  6. Detailed system documentation, produced in automated fashion, allows developers to more quickly identify flaws.
  7. Many legacy systems fail to document the changes made over time, leaving them vulnerable to systemic weaknesses, and gaps for malware and APTs. Automated modernization exposes those gaps and removes dead code.
  8. Many malware attacks and APTs rely on inactive code to hide from antivirus scans, like the malware discovered in US power systems across the east coast. Automated removal of this code eliminates this hiding spot.
  9. Many legacy systems remain in use because they are irreplaceable mission-critical systems with highly sensitive data—a larger risk factor and tempting target.
  10. In addition to code modernization, consider using automated refactoring to alter the architecture to avoid design flaws that attackers may exploit. Model-based transformation tools support this type of refactoring.

Check out our Automation Advantages, as well as our Security Benefits & Contact Us for more information!