Vulnerabilities in Web Applications Invite Hackers’ Activities
According to 'Watchfire', a web application security firm based in Massachusetts, the weakest and most exploitable area of the 'enterprise information eco-system' is 'Web applications'. The company works in the area of 'software and servers' to assess the 'security and regulatory compliance' of websites. 'Watchfire' is one of the premier players in the prolific and essential market for 'web application security testing suites'.
Watchfire's director of 'strategic research', Danny Allan, pointed out that in the past, 'network perimeters' had to bear the consequences of attacks. Web vulnerability scanning has become essential in the light of 'well-publicized online security violations' and increased concerns over more hardened 'regulatory compliance requirements'.
As usage of web applications increases, the number of security measures designed for them rises with it. 'Web application security' is finally drawing prominent focus.
Today, with networks adequately protected by a variety of security tools, Web applications have become the easier targets, and they are also connected to servers and databases containing a wealth of protected confidential information.
Danny Allan pointed out that a major chunk of IT security spending, about 90 percent, goes to 'network protection' and only the remaining 10 percent is spent on 'Web applications'. This shows that businesses are presently not allotting enough funds to protect their 'Web applications'.
During an online banking transaction, a victim may receive a message asking him to enter his credit card number and other related details. The attacker, working remotely, obtains the 'user credentials' and uses them to change the cookie, raising his privileges to those of an administrator and causing even more harm.
Allan further explained that the 'entry points' to a 'dynamic website' could be a hundred times the number of pages. In contrast, a 'static information site' could have fewer than five entry points.
Interactive sites hold the most sensitive information, notes Allan. Any website that features content contributed by users is a potential target. If online forums, for example, do not 'sanitize' posted content, they are at risk. Hackers look for opportunities to ride on such vulnerable websites.
» SPAMfighter News - 30-11-2006