Web Apps Are the Most Vulnerable to Breaches


On-premises data centers have slightly more security incidents than public clouds, and web applications are particularly vulnerable.

Security Incident Types Observed

Web app attacks: 75%,
Brute force: 16%,
Recon: 5%,
Advanced malware: 2%,
DoS/DDoS: 1%,
Other: 1%

Web Attack Types Observed

SQL injection: 55%,
Remote code execution: 22%,
File upload: 6%,
Web app attack recon: 5%,
Remote code execution Apache Struts: 5%,
XXE: 3%,
Other: 4%

Public Versus Private Cloud Incidents

Hybrid installations (public cloud, on-premises network and hosted private cloud) experienced a 141% higher rate of incidents per customer. On-premises installations had 69% more incidents than enterprises using only public clouds. Private cloud entities had 51% more incidents.

Top Observed Incidents

Public clouds, on-premises installations, hybrid clouds and hosted private clouds share the most common incident types: SQLI reconnaissance activity, Joomla Web App Attacks and SQL injection issues.

Web Attack Incidents per Month

The number of attack incidents per month during the study interval peaked in April 2017 at 11,000. At 55%, SQL injection was the attack vector used most frequently.

CMS and E-Commerce Apps Hunted

Content management systems (CMSes) and e-commerce platforms are rich hunting grounds for attackers. Joomla experienced 25% of the total web application attacks, followed by WordPress (10%) and Apache Struts (10%).

Exploits Targeting Joomla

Exploits targeting Joomla take advantage of remote code execution vulnerabilities. 83% of Joomla incidents involved remote code execution, 10% involved SQL injection, and 7% involved file upload.

Exploits Targeting Magento

Magento-focused attacks account for 7% of total web application attacks. Of these, 97% were SQLi issues that could not be definitively linked to the platform. The remainder involved remote code execution.

Exploits Targeting WordPress

WordPress’ flexibility affects its overall security profile. As a result, exploits targeting specific WordPress plug-ins account for the lion’s share of this platform’s security issues: 42,000 exploits for WordPress Revslider.

Preventing Targeted Attacks

Take a hard risk-assessment look at the value in app ads versus the risk.
Continually assess your attack surface for vulnerabilities and configuration exposures.
Understand your own patching process and make it a priority to evaluate and deploy patches when they become available.

Preventing Targeted Attacks Continued

Insist that your providers offer clear communications about security issues and that they improve customer service.
Restrict administrative and access privileges. Keep privileges for applications and operating systems up to date.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
