As more and more business is done using the World Wide Web, web sites themselves have become increasingly attractive to cybercriminals. What makes a web site such a lucrative target for an attack is not only that there are so many sites to attack, but also that an overwhelming majority of all web sites can be easily exploited through some of the most common vulnerabilities.
A three-year study by WhiteHat Security that assessed vulnerability data in 1031 different web sites found that:
In the early days of the World Wide Web, hackers would deface web sites as a sign of protest against a corporate or political ideology, or test their hacking skills using defacement as a way to gain notoriety amongst their peers. However, as the Web has grown and more business has come to rely on web technologies to function, attacks against web sites have become more complex and sophisticated for one reason: money. In light of this, web application security has never been more critical to business.
Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities. Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cybercriminals can get their hands on.
Funded by criminal organizations, attackers now rely on large botnets that can be rented for as little as $150 for 2000 machines. In the hands of these cybercriminals, these zombie machines are able to seek out vulnerable web sites. Once these sites are identified, the attacker turns the botnet towards launching coordinated, distributed attacks against them, exploiting web applications, web servers, FTP servers, and any other possible point of entry.
There are many different ways in which attackers are able to compromise a web site. Some of the most common vulnerabilities that attackers use are:
With the proliferation of out-of-the-box web applications, it has never been easier to build web sites quickly. Unfortunately, these quick solutions also make things easier for attackers. When they are built without proper training and knowledge, many of these sites are left with multiple vulnerabilities.
In addition to a compromised web site exposing sensitive data, there are other risks associated with web site security.
Denial of Service attacks are intended to disrupt a web site’s ability to serve pages to its visitors. Usually, these attacks are carried out by overloading the server with requests. Businesses that rely on their web site for normal business operations can see a tremendous drop in revenue as a result.
One of the most damaging things that can happen to a web site is to have it flagged as malicious. According to Stopbadware.org, not many sites even realize that they serve malicious pages until it is too late. Sites that are flagged as malicious lose customers and visitors as a result.
Web sites that are compromised can provide the attacker access to a company’s internal network. Through attacks like Remote File Includes, an attacker is able to access protected files that may contain authentication information used on other network resources.
dotDefender enables companies to address challenges facing their web site in a straightforward and cost-effective manner by utilizing a Security as a Service solution. dotDefender offers comprehensive protection against SQL injection, cross-site scripting and other threats that your web site faces every day.
The reasons dotDefender offers such a comprehensive solution to your web application security needs are:
Architected as plug & play software providing optimal out-of-the-box protection, dotDefender creates a security layer in front of the application to detect and protect against application-level attacks in incoming web traffic that could be used to compromise the web server, steal sensitive information, or disrupt web services.