The State of Web Security Issues
Network World - While security vulnerability research can expose technical weaknesses that may be exploited, incident research provides in-depth information about the most common targets, motives and attack vectors of modern hackers.
And where better to turn for a sense of where we stand today than the Web Hacking Incidents Database (WHID). Analysis of WHID reveals that in 2009 social networks were at the greatest risk, malware and defacement remained the most common outcome of Web attacks, and SQL injection was the most common attack vector. Here’s a deeper dive on the findings and what you can do about them.
Perhaps not surprisingly, analysis of Web hacking incidents reveals that social network sites such as Twitter and Facebook are becoming premier targets for hackers. One in five incidents (19%) between January and June 2009 targeted social network sites, making them the most commonly attacked market.
Many attacks on social networks involve cross-site scripting (XSS) worms. Additionally, insufficient anti-automation controls permit hackers to brute force attack log-in credentials. In one incident, an attacker accessed a Twitter Admin account that had a password reset tool and compromised 33 high-profile accounts, including President Obama’s.
Web attacks are driven by crime. Most occur because the hacker wants money, not glory. However, in some instances, the attacks are performed by professionals seeking to advance a cause.
In 2009, defacement of Web sites was still the number one driver for Web hacking (28%). Defacement includes visible changes and covert changes, such as the planting of malicious code. Criminals exploit Web application vulnerabilities to plant malware that subsequently infects clients who visit the Web site. The hacked sites become the hacker’s primary method of distributing viruses, Trojans and root kits.
On the other end of the spectrum, ideologists use the Internet to express themselves using Web hacking to deface Web sites. The majority of defacement incidents are of a political nature, targeting political parties, candidates and government departments, typically with a specific message related to a campaign.
Web defacements are a serious problem and a critical barometer for estimating exploitable vulnerabilities in Web sites. Defacement statistics are valuable since they are one of the few incidents that are publicly facing and thus cannot be easily swept under the rug.
SQL Injection Tops Attacks
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!