For the last few years, Web application vulnerabilities have grown at a considerable rate. In 2008, they accounted for more than 3,500 vulnerability disclosures or 54 percent of all vulnerability disclosures from that year.. In fact, from 2001 to 2006 the average annual vulnerability disclosure percentage growth was 36.5 percent, mainly the result of advanced hacking technologies, new methods for hacking and exploiting network weaknesses. These weaknesses result from either poor design or configuration errors, and increase the likelihood of an attack.
With an escalation of hacker fraud especially prevalent in recent months, including the recent Heartland Payment Systems breach that may have compromised millions of credit and debit card transactions, Web applications have developed a notorious reputation of being susceptible to attack. These vulnerabilities, combined with a slow response to new security procedures, have made these more penetrable.
Today’s hackers, no longer looking just for fame, have become more specialized in hacking Web applications by turning their penchant for mischief into a profit-making business. It’s become a basic skill for hackers to develop tools that can mimic legitimate user behavior in efforts to scan a Web site for system vulnerabilities without setting off security measures already in place.
How to Protect Against Vulnerabilities
According to the Payment Card Industry (PCI) Security Council, writing secure code and operating frequent network scans can help diminish the fear of being infiltrated. For organizations to ensure the highest protection possible, it’s imperative that their Web application developers write code according to pre-defined guidelines and is a requirement in order to be PCI-compliant.
An additional security measure is to install a web application firewall (WAF), which can monitor traffic and detect security the most common web attacks, including SQL injection and Cross-Site Scripting threats, in real-time. WAF’s can be either a software or hardware and are designed to look for certain ‘attack signatures’ in an effort to diagnose potential intruders and locate abnormal traffic behavior. These provide one more essential tool to a secure network strategy.
As cybercrime continues to threaten IT business infrastructures, it is critical to evaluate system protections and continue to take the necessary security measures in order to prevent criminals from exploiting networks.