What’s HOT in Application Security Vol #3

Let’s understand the web application security dilemma!
Application security news

Organizations within the financial services industry track an average of 800 attacks, organizations out with the financial services industry track an average of 500 attacks- no wonder it’s so vital to understand application security. It’s said that the security challenge is due to the fact that most of these applications are web enabled. Companies which rely on SAAS and applications that are operating from portable devices are also at an increased risk as they are by definition, web enabled. Why even worry about application security?


Most organizations have application security at the forefront of their mind for several reasons- firstly, to protect against malware and hackers, secondly- the people with whom they share business process with are likely to require security guarantees and finally auditors require that security is demonstrable.

For more information please go to:

http://www.computing.co.uk/ctg/the-big-picture-blog/2156814/facing-application-security-challenge

What Hacker tip should YOU defend against?

Our web applications aren’t safe? Of course not- but how do we protect ourselves against attacks? Making yourselves aware of the most common exploitable weaknesses sounds like a good start. Hackers have developed many different ways in which to penetrate and compromise your web applications- good news is that there are common weaknesses you can look out for:

The main one on that list is SQL injection where a hacker inserts some code into the username field rather than the actual user’s name. This can be really simplified code or really intricate code. A vulnerable application will process the malicious code and will spew out private data. SQL injection is a 10 year old technique but still accounts for more than 80% of successful hacks! In April 2011 an SQLi vulnerability cost Sony their reputation and 77 million credit cards.

If SQLi is the reason for some 80 of hacker attacks- wouldn’t you take the most basic of steps to eradicate this from your portfolio of vulnerabilities?

For more information and more hacking techniques which are employed please go to:

http://blogs.computerworlduk.com/security-spotlight/2012/02/five-hacker-tricks-you-should-be-defending-against/index.htm

Companies worry about DDoS when they should be worrying about website attacks!

Most companies fear the dreaded DDoS attack- no wonder, when a distributed denial-of-service can wreck your reputation and brings about direct loss of earnings for a company. Companies should, however, put an equal ( perhaps a stronger ) emphasis on securing their web applications. Why should we put a stronger emphasis on web application security? The answer to that is simple- this is the most vulnerable part of ones businesses.

For more information please go to:

http://www.pcworld.com/businesscenter/article/250787/imperva_companies_should_secure_their_websites_before_worrying_about_ddos_attacks_from_anonymous.html

How long does it take the average organization to discover a breach in their security? The answer to that is Months or Years, according to Verizon

An astonishing sixty percent of data breaches are not discovered until months or years after the attack. Communications giant Verizon compiled a report based on 90 attempted breaches stemming a twelve month period and came up with chilling statistics- a staggering 92 percent came from an external cause (a finding which is unusually contradictory to similar organizations). Attacks like SQL injection were prevalent amongst the list of vulnerabilities, although didn’t make it to the top 10. Those who are looking to extract sensitive data using these types of methods generally target the financial services industry (as they desire the application to cough up credit card and bank information).

For more information please go to:
http://www.computerworld.com/s/article/9224783/Most_organizations_take_months_years_to_discover_a_breach?taxonomyId=142

Saudi Arabia vs Israel Round two- Hacking and politics

Saudi Arabia and Israel have been ideologically at the opposite ends of the spectrum since existence- this is hardly news. Protests and gibes have been replaced by full on cyber terrorism launched in the latter part of 2012.  Moreover, Bangladeshi hackers are planning a similar offensive against Indian sites. These copycat hackers have so far managed to add several pages with their political message to certain Indian state owned websites. These attacks don’t look like they are going to let up soon, with each country forming its own Internet Defense Force ( and counter attack force, it seems )- we will most likely see a plethora of similar attacks in 2012.

For more information go to:
http://www.weeklyblitz.net/2124/indian-hackers-planning-new-offensives-on

The following two tabs change content below.

Administrator

Latest posts by Administrator (see all)

Jump to Category