Web Application Security

While the adoption of Web-based technologies for conducting e-business has enabled organizations to connect seamlessly with suppliers, customers and other stakeholders, it has also exposed them to a multitude of previously unknown security risks.

If a web application is not secure, i.e., it is vulnerable to at least one of the various hacking techniques, then your entire database of sensitive information is at serious risk.

Some hackers, for example, may maliciously inject code into vulnerable web applications to trick users and redirect them towards phishing sites. This technique is called Cross-Site Scripting and may be used even though the web servers and database engine contain no vulnerability themselves.

Recent research shows that 75% of cyber attacks are done at the web application level.

  • Websites and related web applications must be available 24 hours a day, 7 days a week to provide the required service to customers, employees, suppliers and other stakeholders
  • Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public – ports 80 and 443 must remain open to allow the web application to retrieve, deliver and update the data residing within the database servers
  • Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
  • Most web applications are custom-made and, therefore, involve a lesser degree of testing than off-the-shelf software. Consequently, custom applications are more susceptible to attack

Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Take a product tour or download the evaluation version today!

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition!
To check whether your website has cross site scripting vulnerabilities, download the Free Edition. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site).

Articles on Website Security

Cross Site Scripting - XSS - The Underestimated Exploit
Microsoft UK Events Website Hacked
Web Applications: What are they? What of them?
The JavaScript Engine of Acunetix WVS
Payment Card Industry Data Security Standard (PCI) Compliance
Web hacking: An underestimated threat
Web Server Security and Database Server Security
The True Nature of Web Application Security: The Role and Function of Black Box Scanners
Ajax security: Are AJAX applications vulnerable to hack attacks?
SQL Injection: What is it?
Web Security Scanning
How to check for SQL injection vulnerabilities
Cross Site Scripting Attack
CRLF Injection Attack
Directory Traversal Attacks
Authentication Hacking Attacks
Google hacking
PHP / SQL Security - Part 1
PHP / SQL Security - Part 2
PHP / SQL Security - Part 3
PHP / SQL Security - Part 4
PHP / SQL Security - Part 5
PHP / SQL Security - Part 6

White Papers on Web security

The Payment Card Industry Compliance - Securing both Merchant and Customer data.
Web Services - The Technology and its Security Concerns
PHP and SQL Security by Andrew J. Bennieston
Are AJAX Applications Vulnerable to Hack Attacks? The importance of Securing AJAX Web Applications
Auditing Your Web Site Security with Acunetix Web Vulnerability Scanner
The Importance of Web Application Scanning