Web Apps Are the Most Vulnerable to Breaches

 
 
By Karen A. Frenkel  |  Posted 09-11-2017

  • Web Apps Are the Most Vulnerable to Breaches

    On-premises data centers have slightly more security incidents than public clouds, and web applications are particularly vulnerable.
  • Security Incident Types Observed

    Web app attacks: 75%, Brute force: 16%, Recon: 5%, Advanced malware: 2%, DoS/DDoS: 1%, Other: 1%
  • Web Attack Types Observed

    SQL injection: 55%, Remote code execution: 22%, File upload: 6%, Web app attack recon: 5%, Remote code execution Apache Struts: 5%, XXE: 3%, Other: 4%
  • Public Versus Private Cloud Incidents

    Hybrid installations (public cloud, on-premises network and hosted private cloud) experienced a 141% higher rate of incidents per customer. On-premises installations had 69% more incidents than enterprises using only public clouds. Private cloud entities had 51% more incidents.
  • Top Observed Incidents

    Public clouds, on-premises installations, hybrid clouds and hosted private clouds share the most common incident types: SQLI reconnaissance activity, Joomla Web App Attacks and SQL injection issues.
  • Web Attack Incidents per Month

    The number of attack incidents per month during the study interval peaked in April 2017 at 11,000. At 55%, SQL injection was the attack vector used most frequently.
  • CMS and E-Commerce Apps Hunted

    Content management systems (CMSes) and e-commerce platforms are rich hunting grounds for attackers. Joomla experienced 25% of the total web application attacks, followed by WordPress (10%) and Apache Struts (10%).
  • Exploits Targeting Joomla

    Exploits targeting Joomla take advantage of remote code execution vulnerabilities. 83% of Joomla incidents involved remote code execution, 10% involved SQL injection, and 7% involved file upload.
  • Exploits Targeting Magento

    Magento-focused attacks account for 7% of total web application attacks. Of these, 97% were SQLi issues that could not be definitively linked to the platform. The remainder involved remote code execution.
  • Exploits Targeting WordPress

    WordPress' flexibility affects its overall security profile. As a result, exploits targeting specific WordPress plug-ins account for the lion's share of this platform's security issues: 42,000 exploits for WordPress Revslider.
  • Preventing Targeted Attacks

    Take a hard risk-assessment look at the value in app ads versus the risk. Continually assess your attack surface for vulnerabilities and configuration exposures. Understand your own patching process and make it a priority to evaluate and deploy patches when they become available.
  • Preventing Targeted Attacks Continued

    Insist that your providers offer clear communications about security issues and that they improve customer service. Restrict administrative and access privileges. Keep privileges for applications and operating systems up to date.
 

Is the cloud more—or less—secure than on-premises data centers? The "2017 Cloud Security Report," a study from Alert Logic, found 51 percent more security incidents per customer in on-premises installations than in public clouds. However, the report pointed out that more incidents do not necessarily translate into more breaches. The report also found that web applications—particularly content management systems and e-commerce platforms—are the "soft underbelly" of organizations.

"It's not the number of attacks or vulnerabilities that matter, but the attacks and vulnerabilities that ultimately lead to breaches," said Misha Goushteyn, senior vice president, products and marketing, and co-founder of Alert Logic. In this respect, "web apps are the dominant driver across the board, surpassing even the likes of privilege misuse, point-of-sale compromises and exploitation of unpatched operating system vulnerabilities."

The report analyzed customer data from 3,800 Alert Logic on-premises and hybrid cloud customers for 555 days. Findings are based on the analysis of 2 million security incidents that customers endured, 32.5 million events associated with those incidents and 147 petabytes of security data.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
