This month we are sharing a blog from our security partner Oracle + Dyn that takes a look at web application security and what lies ahead.
Websites and apps are increasingly under attack, so effective web application security must be a top priority.
Before 2008, data breaches were somewhat rare, and most occurred because of human error, such as the loss of a laptop, a USB drive, or some other media. Others were caused by phishing attacks that installed malware, by insider threats, or by organizations using weak admin credentials and poor encryption techniques. Some organizations that were breached never found the cause.
Fast forward 10 years, and the number of data breaches has grown beyond anyone’s expectation. Data breaches are the primary reason why governments are enacting privacy and data protection regulations today. Web application security is paramount: attacks against internet-exposed web applications are the top cause of data breaches. And 77 percent of web applications have at least one security vulnerability, according to Veracode’s 2017 State of Software Security Report.
Inside web application attacks
The method of successfully phishing a user, installing malware, and remotely controlling the infected computer without anyone noticing did not have a very high success rate. In addition, finding the data to steal required time, and the longer an attacker remained in a network, the greater their chances of being caught.
As a result, attackers began to shift their focus to exploiting web application security vulnerabilities. These attacks are significantly more efficient and effective.
Every time a user visits a website and enters their credentials, signs up for an account, opens a record of some sort, makes a purchase, etc., all of that information — including personal data — is stored on a server that sits behind that application. Taking over a website or app by exploiting a software vulnerability often gives attackers free access to the data that is stored on that server.
Attackers may also inject malicious code into web forms to take advantage of applications that don’t properly sanitize what users are allowed to enter into a field. For example, instead of entering a person’s name into a Name field, hackers may enter code that is then executed by the application and/or backend database, often exposing the entire database to the attacker.
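The Name-field case described above, as an added example that is not part of the original blog: the same lookup written with string concatenation and with a bound parameter. The table, sample rows, form value and function names are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("Alice Martin", "alice@example.test"),
        ("Niamh O'Brien", "niamh@example.test"),
        ("Raj Patel", "raj@example.test"),
    ])
    return db

def lookup_vulnerable(db, name):
    # Weak: the form value is pasted into the SQL text, so the database
    # parses whatever the user typed as part of the statement.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the statement is fixed and the form value is bound as data.
    # Quotes in the value are never interpreted as SQL syntax.
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed form value: a quote followed by an always-true condition.
FORM_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row in the table.
    print("vulnerable:   ", lookup_vulnerable(db, FORM_INPUT))
    # The bound query looks for a customer literally named FORM_INPUT.
    print("parameterized:", lookup_parameterized(db, FORM_INPUT))
    # A legitimate name containing an apostrophe works only when bound.
    print("O'Brien:      ", lookup_parameterized(db, "Niamh O'Brien"))
    try:
        lookup_vulnerable(db, "Niamh O'Brien")
    except sqlite3.OperationalError as err:
        print("vulnerable query breaks on a real name:", err)
```

The apostrophe case shows why filtering characters out of names is not a substitute for binding parameters: a real customer's name contains the same character the injection relies on.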
activereach recently partnered with Oracle + Dyn for a free, in-depth webinar. Aimed at IT professionals, the webinar will help you understand the evolving WAF market and develop a multi-pronged web application security approach to defending the modern-day, distributed network. View the webinar here.
The future of web app security
Because attackers are exploiting web application security vulnerabilities to gain access to private data, organizations must go to even greater lengths to protect websites and apps than they do to protect their computers and other network-connected devices.
As more organizations move their websites and apps to the cloud, web application security will only get more crucial – and complex. Cloud-based security technologies, such as web application firewalls, can help protect websites, apps, and the data stored behind them, regardless of where they’re hosted.
activereach helped one of the world’s most trusted staffing organisations protect over 20 different recruitment brands through the successful implementation of an enterprise-grade, cloud-based anti-DDoS solution, including a WAF, to protect their numerous web assets from the growing threat of malicious web application attacks. You can view the case study here.
This blog was first published on the Oracle Dyn blog on 8 August 2018, by Stephen Gates, Edge Security Evangelist at Oracle Dyn Global Business Unit.