March 22, 2013

Web Threats: the point of least resistance

In the past year we have seen numerous Web attacks hit companies globally. Organizations have been breached and data has been stolen. And companies’ web applications have been taken down by DDoS attacks. Hackers easily dance around network security defenses, bypassing firewalls, IPSs, and other controls.

The Problem has Moved On…

For the past 10 years, companies have invested their efforts and budget in securing their infrastructure. Most of that budget went toward solving the most acute problems that existed, which were network hacks and virus propagation. And although companies have done a great job at solving these problems, that success motivated hackers to look for other ways to penetrate their networks.

Hacking today is all about profit. In today’s industrialized hacking environment, hackers are focused on one major goal: maximize profit and minimize effort. When companies found a way to prevent the network attacks, hackers moved to where there is less resistance – the Web. Most compromised companies are those that have invested a lot in their security infrastructure: they upgrade their firewalls to the latest and greatest, but they have not invested in stopping today’s attacks that go after their most valuable assets through their web applications. Thus, when the hackers come today, companies aren’t ready.

In the Details

Attacks on the Web side of life are divided into two main categories:

  • Technical Web Attacks
  • Business Logic Attacks

Technical web attacks exploit a software flaw to steal data, inject software, and generally manipulate the application into giving up data. Security research cites that 97% of all data breaches are due to SQL Injection.

Business logic attacks and fraud attacks are gaining popularity. Hackers understand how to break an application’s logic to provide access to restricted areas, run fraudulent transactions, break search engines by creating enormous search terms (which in effect creates a DoS on the application), and countless other forms of abuse.
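To make the two categories concrete, here is an added example (not code from the original post): one search feature written with the technical flaw, then with a control for each category. The table, function names, sample rows and the 64-character limit are assumptions chosen for illustration.

```python
import sqlite3

MAX_TERM_LEN = 64  # assumed limit; tune to what the application really needs


def make_db():
    """Build an in-memory catalogue from constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("red widget", 0), ("blue widget", 0), ("internal price list", 1)],
    )
    return db


def search_vulnerable(db, term):
    # Technical flaw: the term is pasted into the SQL text, so quote
    # characters inside it change the structure of the query.
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]


def search_hardened(db, term):
    # Business-logic control: refuse empty or oversized terms before they
    # cost the database any work.
    if not term or len(term) > MAX_TERM_LEN:
        raise ValueError("search term must be 1..%d characters" % MAX_TERM_LEN)
    # Escape LIKE wildcards so the term is matched literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    # Technical control: the term travels as a bound parameter, never as SQL.
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input containing SQL syntax
    print("vulnerable:", search_vulnerable(db, crafted))
    print("hardened:  ", search_hardened(db, crafted))
    print("normal:    ", search_hardened(db, "widget"))
    try:
        search_hardened(db, "a" * 10000)  # constructed oversized term
    except ValueError as err:
        print("rejected:  ", err)
```

The parameterized query addresses only the technical flaw; the length check is a separate control because an oversized term is valid SQL data and would otherwise be executed as written.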

Heads Up!

Next week, Imperva will release an eBook discussing the future of web security. We will outline our thoughts on the most important features and controls that Web Application Firewalls should provide.
