Majority of attacks aimed at web applications

Security executives claim over 90 per cent of attacks now focus on web applications rather than the traditional network route.

Web app attacks

Nearly all attacks on businesses to steal data are abusing web applications rather than the tried and tested route of networks, according to two senior security executives.

A report by WhiteHat Security and Imperva has claimed that 93 per cent of all the attacks were aimed on existing webs applications and this resulted in stolen data going into the millions.

"It is a dangerous world that we live in," claimed Amichai Shulman, chief technology officer of Imperva, during at interview with IT PRO at InfoSecurity 2010. "In 2009, stolen records were by the ten of millions and this is just [from] one type of an attack."

"The shift from network attacks to application attacks has been going on from beginning of 2000, took pace 2004 and 2005 and, if you remember the network worms in early 2000s, it is now the same level on application layer."

Despite most companies being aware of such attacks, vulnerabilities aren't being fixed quickly enough.

Stephanie Fohn, president and chief executive of WhiteHat, told IT PRO: "Vulnerabilities aren't getting fixed on time. Security has responsibility... to identify problems [then] throw that over the fence to development. They then say "oh, right, later.""

Claiming that even critical flaws can take between one and three months to fix, Fohn believed the initiative to get things done needed to come from high up in a business.

"Security needs to have somebody that is a champion, somebody with some pull in the organisation," Fohn said. "Security needs to take control of security."

Read on for more news from InfoSec 2010.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020