
MOST companies today use the Web to do business with customers, employees, 
suppliers and others. This is because it is easier to maintain a Web-based 
application than a Windows-based one. But how can we be sure that a Web-based 
application is secure? Or that data is being shared only with authorised users? 
The Gartner Group estimates that 75 per cent of cyber attacks today are at the 
application level. And about 97 per cent of over 300 Web sites audited are 
vulnerable to Web application attacks. The US Federal Bureau of Investigation 
also reveals that 95 per cent of companies are hacked through Web applications, 
and only five per cent of them are aware of the attacks 
(http://conference.hackinthebox.org/hitbsecconf2005kl/materials/TT-ShreerajShah-Webhacking-Kungfu.pdf). 
From the figures, we can deduce that most company Web sites are prone to cyber 
attacks, and some of these companies are not aware that their Web applications 
have vulnerabilities that can be exploited by hackers. 
According to statistics published by the National ICT Security and Emergency 
Response Centre, there have been significant increases in Web defacement 
incidents. In the first quarter of this year, there were 256 Web defacements 
involving both public and private Web sites, compared with 42 such incidents 
recorded in the previous quarter. 
To have a secure Web application, its developers must know each attribute of 
the application, such as the query string, form, cookie and script, because 
each of these is vulnerable. If these attributes are not used securely, an 
attacker can exploit them to expose sensitive company information. 