Over one billion websites exist today. With an excess of websites to choose from, we hear many people ask, why did my site get hacked? How did it get hacked? What damage has been done? While there are various reasons and ways a cybercriminal could have hacked your site, there is a very good chance (80% to be exact) they were after your web applications. Web applications account for 80% of website vulnerabilities, making them a very attractive target to cybercriminals.
Every year about this time, Verizon comes out with an annual review of the results of its investigations into thousands of data breaches and security incidents from around the world.
The report can be very data heavy and even a little depressing, but we can learn great things from it. Here are just ten:
What is this TrueShield you speak of?
TrueShield is SiteLock’s web application firewall. It operates like your very own team of secret service agents, standing guard at every possible entry point on your website, 24/7. The TrueShield web application firewall inspects every visitor who tries to enter your site, denying access to the bad guys and bad bots, and welcoming the rest. You may imagine this would cause a traffic jam and slow down flow to your website – but it is actually just the opposite. The TrueShield WAF includes TrueSpeed, a content delivery network (CDN) which moves your website into the fast lane, loading your pages faster and improving your visitors’ experience – even boosting your SEO. It’s pretty remarkable stuff.
Who can use TrueShield?
Anyone who has a website. The TrueShield web application firewall is cloud-based, which means that it doesn’t require a complicated installation – in fact setup takes just a few minutes. It also means that TrueShield is affordable for even the smallest businesses and budgets. A typical small to mid-sized business does not have the in-house technical staff, nor the time, to deal with the complexities of protecting their site from every potential attacker. A web application firewall, like TrueShield, is the easiest way for a small business to get enterprise-grade protection without needing enterprise-level resources.
A little more than a dozen years ago, a not-for-profit organization called The Open Web Application Security Project, aka OWASP, was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.
And as more applications are developed online, the threats against those applications increase even more rapidly, in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.
That’s probably one of the toughest security questions, and the answer is usually not good. In a report published at the end of 2012 on the growing hacking threat to websites, research firm Frost and Sullivan found that of all the security vulnerabilities discovered every day, more than 98% were discovered by third-party researchers, while less than 2% were discovered by the people who made the applications that contained the vulnerabilities.
According to Frost and Sullivan, more than 80% of websites have at least one known vulnerability. If that vulnerability is known to security researchers, you can bet it’s also known to hackers who use automated tools to sniff out unpatched vulnerabilities, millions of websites at a time.
And as it turns out, four of the top five of all known vulnerabilities have something to do with websites – Adobe Shockwave Player, Adobe Acrobat, Apple QuickTime, and Microsoft Internet Explorer.
The report also found that the most common attacks on websites include: