Announcement posted by Cybernetic Global Intelligence 29 May 2015
Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. Due to the always ‘on’ state of the internet, any application, whether it is the online branch of a bank, an online shop, or even an employee access portal, it is always available and therefore vulnerable to attacks. These vulnerabilities are increased even further by the high degree of complexity of the web scripts, frameworks and web technologies frequently used.
Attacks such as SQL injection, cross-site scripting or session hijacking are aimed at vulnerabilities in the web applications itself – and not at those on the network level. For this reason, traditional IT security systems such as firewalls or IDS/IPS are either totally unable to guard against these attacks or are incapable of offering comprehensive protection.
Any applications that may provide interactive access to potentially sensitive materials or expose the underlying servers and software, must be secured against malicious attacks or any unauthorized user access that have the power to modify or destroy data or stop critical system services.
Larger, more sophisticated organisations, have the most to lose if their applications fall prey to attacks, but the fallout from these can leave even the smallest organisations reeling. The possible effects of the non-availability or data loss in the web applications include:
Interruption of business processes (including those of customers or partners)
Loss of reputation
Damage compensation claims
Revocation of licenses
Loss of confidential information.