Guarding both Web Applications and Databases Security Attacks
- Author Jeremy Smith
- Published June 26, 2011
- Word count 466
With companies better protecting their computer network perimeters against malicious intruders, a growing number of attacks have begun taking place at the website application and database layers instead. A recent survey shows that more than 80 percent of attacks against corporate networks these days involve Web applications. The survey suggests that a vast majority of Web applications deployed in enterprises contain vulnerabilities that can be exploited by intruders, allowing them to gain access to underlying systems and data. Despite the prevalence of such vulnerabilities, most companies are not addressing the problem due to a lack of awareness or because their budgets do not permit additional expenditures on Web application security, according to the study.
Fortunately for enterprises, a growing number of relatively inexpensive, automated Web application security tools are becoming available to help them probe their applications for exploitable security flaws. The products are designed to help companies examine application code for common errors that result in security vulnerabilities. Using such tools, companies can quickly identify issues such as SQL Injection errors, Cross-Site Scripting flaws and input validation errors, much faster than they would have been able to manually.
Most of the reputable application security testing tools that are currently available can be used to test both custom-developed Web applications and common off-the-shelf software packages. Companies typically run the tools first against their live production applications to identify and mitigate vulnerabilities that could disrupt their operations. Application security tools typically only help identify vulnerabilities. They do not automatically remedy the flaws. In addition to testing production applications, tools can also be used to test code during the application development and the quality assurance stage. Security analysts in fact, recommend that such tools be used during the development life cycle because finding and fixing flaws can be a whole lot easier and less expensive compared to doing it after an application has been deployed. A growing number of such security testing products also support features that allow companies to conduct penetration testing exercises against their application and database layer. Using such products, companies can probe their networks for flaws in much the same way that a malicious attacker would probe their networks.
Until recently, the use of such tools has been considered a security best practice, but that could start changing soon. Already, the Payment Card Industry Security Council, a body that governs security standards in the payment card space, has a rule mandating the use of application security software by all companies of a certain size that accept debit and credit card transactions. Under the rules, covered entities are required to use such tools to identify and remediate security flaws in any applications that handle payment card data. Similar rules mandating the use of such software could start becoming more commonplace as awareness of the issue grows.
There are no posted comments.
- Website security check: Tips on how to protect your website from hackers
- How will cyber threats evolve in 2020?
- When to choose red teaming over penetration testing: A guide to a robust cybersecurity program
- Protect your files with drive image backup software
- How Cloud Management Values Change Your Business
- The U.S. Government and Zero Day Vulnerabilities
- Spyware – Yet Another Cyber Menace
- Reset lost passwords in Windows with Active@ Password Changer
- Antivirus measures you should know when your PC is infected with a virus
- Security Fit For Royalty!
- Global VPN Use Is Booming But So Is Cyber-Censorship
- Things to do to make your business, cyber secure
- The new European data protection system
- Avoiding Disaster: Make Website and Business Asset Backups Mandatory
- 12 Ways to Keep Your Data & Identity Safe Online
- Associate With Avast Support USA To Shield PC Against Viruses And Malware
- Microsoft Office Customer Service for Office Setup
- What is All-czech browser hijacker and how to remove it
- Methods to delete Web-start.org from computer and browser
- What is Odin ransomware, how to decrypt .odin files
- How to remove Loadstart browser hijacker
- How to remove Tech-connect.biz from Google Chrome and all other browsers
- How to remove Alma Locker ransomware virus
- How to remove SOEASYSVC adware from your browser
- How to get rid of SafeSurf virus
- How to remove Cryp1 virus and to restore the encrypted files
- What is Social2Search, and how it differs from other adware
- How to remove Hohosearch adware from computer and browser
- Browser Hijackers, the Methods Of their Action And the Ways to Remove Them
- 5 Website Security Issues You Should Be Aware Of?