This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."
Download it now to read this article plus other related content.
It's time to protect online Assets from increasing attacks.
The statistics are alarming: Gartner estimates 75 percent of attacks against Web sites take place at the application layer. Most of the vulnerabilities documented by Symantec in the second half of 2005 were found in Web application technologies. And a majority of the 20 most severe vulnerabilities in the US-CERT database are Web application flaws.
While companies have focused on securing their network perimeters, Web applications remain vulnerable to attack. Cybercriminals are growing more and more adept at exploiting their interactive nature to bypass traditional perimeter security defenses. By moving up the network protocol stack and communicating at layer 7, attackers can interface directly with an application's processes, and pass data designed to masquerade as legitimate application requests or commands through normal request channels such as scripts, URLs and form data. This can easily lead intruders to a wealth of valuable data without them having to break into any servers.
More information from SearchSecurity.com
Learn more about Web application attacks and how to defend against them with this Learning Guide.
Test your knowledge of Web application threats and vulnerabilities with this 10-question multiple-choice quiz.
Visit our resource center for news on the latest Web application attacks.
Enterprises have a wide range of Web application attacks to worry about. Some of the more common ones include buffer overflows, SQL injection and denial of service (DoS) attacks, while a lesser-known type of threat is email injection. Intruders also use a technique called fingerprinting to zero in on their targets. The tactics are different, but the results can be equally devastating--from theft of confidential data and complete system compromise to business disruption.
By waking up to these threats and implementing methods and strategies to deflect them, enterprises can protect their most precious assets.
This was first published in August 2006