Mcduffee21
Newbie


Posts: 1
Overlooked online application vulnerabilities
« on: Jul 4th, 2009, 4:27am »
Unfortunately, it is not just application flaws that are leaving systems vulnerable. In addition to application issues, every (URL link removed by siliconman01 - considered spamming) and web application relies on a large stack of commercial and custom software components. The operating system, web server, database and all the other critical components of this application stack have vulnerabilities that are regularly being discovered and communicated to friend and foe alike. It is these vulnerabilities that most organizations overlook when they are considering web application security. As new vulnerabilities are found, patches become a critical part of managing application security. The process of patch management is complex and difficult to do successfully. Even the most proactive IT team must often reassign critical resources to deploy urgent patches, disrupting normal operations. The time required to patch responsibly lengthens the window of time a hacker has to exploit a specific vulnerability. With thousands of vulnerabilities and patches being announced each year, the problem continues to grow. Even organizations with the most efficient patching processes in place can’t rely on this alone to protect them from attacks targeting web application vulnerabilities. Today’s sophisticated attackers target corporate data for financial and political gain. They know they can more easily exploit vulnerabilities in web application stacks versus trying to defeat well-built network and perimeter security. Hackers have a myriad of vulnerability techniques to use, including: SQL Injection, Cross Site Scripting, Buffer Overflow, and Denial of Service. The number of application vulnerabilities in commercial applications and open source applications is growing at an alarming pace; anywhere from 200 to 400 new vulnerabilities are identified every month.
According to zone-h.org, 45% [need an exact link] of attacks make use of vulnerabilities rather than configuration issues or use brute force. Attackers are working hard to find and exploit new vulnerabilities in web applications faster than they can be patched. The window of time, from when a hacker identifies a vulnerability to when it is communicated and eventually patched, makes a fast response defense strategy critical to prevent a potentially damaging intrusion.