
News: Web application threats

21.Aug.2020
Stephane Konarkowski, Senior Security Consultant at Outpost24
Complex is a term that is often used to describe the technological makeup of modern web applications. They are like onions, made up of intricate layers which, if not designed or secured appropriately, can foster many critical vulnerabilities. It is therefore necessary for organisations to know the key attack vectors and system entry points used by the modern hacker to better understand their overall attack surface, writes Stephane Konarkowski, Senior Security Consultant at the cyber security and vulnerability assessment firm Outpost24.

Only by locating these flaws can organisations begin to implement the right security controls in the right places to protect their web applications, given that these are often the gateway to the business shopfront. In fact, successful web application attacks pose a serious threat: they accounted for almost half of all data breaches (43%) in 2019 and are the single greatest cause of data breaches, according to the Verizon DBIR 2020 report.

Web applications are typically where sensitive customer and financial data is collected and stored, making them one of the first places a hacker will target. Also, with the majority of businesses focused on business continuity during the global pandemic, security may not have been a priority for some, a concerning fact given that hackers are continually evolving their tactics to break into web applications and extract sensitive data. Some may think that good security hygiene and a WAF alone will prevent such a disastrous scenario, but unfortunately even some of the biggest brands have suffered from simple application exploits. Examples include an incident where there was a lack of authentication controls (First American Financial), publicly available servers (Facebook) and the infamous Fortnite breach, in which a vulnerability allowed a cross-site scripting (XSS) attack where thousands of users were tricked into clicking a link planted by an attacker, contributing to millions, even billions, of instances of customer data being leaked.

Read the full article from Stephane here:

Web application threats
