1. Introduction to Acunetix Web Vulnerability Scanner
Why You Need To Secure Your Web Applications
Website security is possibly today's most overlooked aspect of securing the enterprise and should be a
priority in any organization.
Increasingly, hackers are concentrating their efforts on web-based applications – shopping carts, forms,
login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web
applications provide easy access to backend corporate databases and also allow hackers to perform
illegal activities using the attacked sites. A victim’s website can be used to launch criminal activities such
as hosting phishing sites or to transfer illicit content, while abusing the website’s bandwidth and making
its owner liable for these unlawful acts.
Hackers already have a wide repertoire of attacks that they regularly launch against organizations
including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter Manipulation (e.g.,
URL, Cookie, HTTP headers, web forms), Authentication Attacks, Directory Enumeration and other
exploits. Moreover, the hacker community is very close-knit; newly discovered web application
intrusions are posted on a number of forums and websites known only to members of that exclusive
group. These are called Zero Day exploits. Postings are updated daily and are used to propagate and
facilitate further hacking.
Web applications – shopping carts, forms, login pages, dynamic content, and other bespoke applications –
are designed to allow your website visitors to retrieve and submit dynamic content including varying
levels of personal and sensitive data.
If these web applications are not secure, then your entire database of sensitive information is at serious
risk. A Gartner Group study reveals that 75% of cyber-attacks are done at the web application level.
Why does this happen?
- Websites and web applications are easily available via the internet 24 hours a day, 7
  days a week to customers, employees, suppliers and therefore also hackers.
- Firewalls and SSL provide no protection against web application hacking, simply because
  access to the website has to be made public.
- Web applications often have direct access to backend data such as customer databases.
- Most web applications are custom-made and, therefore, involve a lesser degree of
  testing than off-the-shelf software. Consequently, custom applications are more
  susceptible to attack.
- Various high-profile hacking attacks have proven that web application security remains
  the most critical. If your web applications are compromised, hackers will have complete
  access to your backend data even though your firewall is configured correctly and your
  operating system and applications are patched repeatedly.