3 Pages
English

Web Application Security is an On-going Commitment due to Highly Dynamic Hacking Risks, Says Frost & Sullivan

Gain access to the library to view online
Learn more

Description

Web Application Security is an On-going Commitment due to Highly Dynamic Hacking Risks, Says Frost & Sullivan PR Newswire LONDON, September 5, 2012 - Four out of Five Sites are Vulnerable; Web Security Weakness Can Compromise an Entire Organisation LONDON, September 5, 2012 /PRNewswire/ -- Web applications remain the third most common attack vector overall, with hacking still on the increase, from organised criminal groups, amateurs and political activists. Complex technology, growing adoption of web 2.0 functionality and powerful features of HTML5 have enhanced the opportunity for hackers to exploit vulnerabilities. The consequences of a compromised web application can go way beyond the web server: a number of high-profile attacks with prestigious companies caused millions USD in losses. All organisations are potential victims. To protect themselves they should form long-term partnerships with reputable security companies providing individual solutions that will optimise web application security. Frost & Sullivan's recent White Paper (WP) discusses the growing threat to web applications putting it into its right business context. Describing the mysterious world of web applications hacking, the paper gives also an overview of the likely victims and outlines what are the solutions for organisations to protect themselves.

Subjects

Informations

Published by
Reads 7
Language English
Web Application Security is an On-going Commitment due to Highly Dynamic Hacking Risks, Says Frost & Sullivan
PR Newswire LONDON, September 5, 2012
- Four out of Five Sites are Vulnerable; Web Security Weakness Can Compromise an Entire Organisation LONDON,September 5, 2012/PRNewswire/ -- Web applications remain the third most common attack vector overall, with hacking still on the increase, from organised criminal groups, amateurs and political activists. Complex technology, growing adoption of web 2.0 functionality and powerful features of HTML5 have enhanced the opportunity for hackers to exploit vulnerabilities. The consequences of a compromised web application can go way beyond the web server: a number of high-profile attacks with prestigious companies caused millions USD in losses. All organisations are potential victims. To protect themselves they should form long-term partnerships with reputable security companies providing individual solutions that will optimise web application security. Frost & Sullivan's recent White Paper (WP) discusses the growing threat to web applications putting it into its right business context. Describing the mysterious world of web applications hacking, the paper gives also an overview of the likely victims and outlines what are the solutions for organisations to protect themselves. The paper benefits from the insight and experience of leading security companies and organizations, like MITRE, High-Tech Bridge, and Online Trust Alliance (OTA), who have provided excellent support to Frost & Sullivan during the WP review. "According to High-Tech Bridge, as many as three out of four successful network intrusions start and/or involve an unsecured web application," says Frost & Sullivan analyst, Chris Rodriguez. "By 'network intrusion' we mean attacks where the goal is to achieve an ongoing access." The attack becomes categorised as an advanced persistent threat (APT), which purpose is always to steal data, rather than to cause damage. APTs target organisations in sectors with high-value information, such as defence, manufacturing and finance. The complexity of an attack and the victim's internal architecture will determine how much damage a hacker can do. The database structure behind a website is much more important than the structure of the website itself. In almost every case, a compromised web application gives unlimited access to all the resources that the web application uses, including databases. "Hackers frequently attack the trusted partners of their real victims," adds Rodriguez. "Web developers usually consider partners to be trusted parties and take insufficient security measures. However, organisations must be vigilant that their partners ensure the protection of their accounts against breaches and misuse." An organisation can never be certain to have zero vulnerabilities on their website even if the utmost care is taken during development; there is no way that we can future-proof out code. Developers can only take into account