Majority of attacks aimed at web applications

Security executives claim over 90 per cent of attacks now focus on web applications rather than the traditional network route.

Web app attacks

Nearly all attacks on businesses to steal data are abusing web applications rather than the tried and tested route of networks, according to two senior security executives.

A report by WhiteHat Security and Imperva has claimed that 93 per cent of all the attacks were aimed on existing webs applications and this resulted in stolen data going into the millions.

"It is a dangerous world that we live in," claimed Amichai Shulman, chief technology officer of Imperva, during at interview with IT PRO at InfoSecurity 2010. "In 2009, stolen records were by the ten of millions and this is just [from] one type of an attack."

"The shift from network attacks to application attacks has been going on from beginning of 2000, took pace 2004 and 2005 and, if you remember the network worms in early 2000s, it is now the same level on application layer."

Despite most companies being aware of such attacks, vulnerabilities aren't being fixed quickly enough.

Stephanie Fohn, president and chief executive of WhiteHat, told IT PRO: "Vulnerabilities aren't getting fixed on time. Security has responsibility... to identify problems [then] throw that over the fence to development. They then say "oh, right, later.""

Claiming that even critical flaws can take between one and three months to fix, Fohn believed the initiative to get things done needed to come from high up in a business.

"Security needs to have somebody that is a champion, somebody with some pull in the organisation," Fohn said. "Security needs to take control of security."

Read on for more news from InfoSec 2010.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021
Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems
ethical hacking

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems

5 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021