Only by locating these flaws can organisations begin to implement the right security controls in the right places to protect their web applications, given that these are often the gateway to the business shopfront. In fact, successful web application attacks pose a serious threat: they accounted for almost half of all data breaches (43%) in 2019 and are the single greatest cause of data breaches, according to the Verizon DBIR 2020 report.
Web applications are typically where sensitive customer and financial data is collected and stored, making them one of the first places a hacker will target. Also, with the majority of businesses focused on business continuity during the global pandemic, security may not have been a priority for some – a concerning fact given that hackers are continually evolving their tactics to break into web applications and extract sensitive data. Some may think that good security hygiene and a WAF alone will prevent such a disastrous scenario, but unfortunately even some of the biggest brands have suffered from simple application exploits. Examples include an incident involving a lack of authentication controls (First American Financial), publicly available servers (Facebook), and the infamous Fortnite breach, in which a vulnerability allowed a cross-site scripting (XSS) attack where thousands of users were tricked into clicking a link planted by an attacker, contributing to millions, even billions, of instances of customer data being leaked.
Read the full article from Stephane here: