Stephen Pao, vice president of product management, Barracuda Networks
Nearly 75 percent of internet vulnerabilities occur at the application layer, and for most companies the website is the main web application. Hackers employ a number of techniques to attack websites — from SQL injections to cross-site scripting attacks — all of which can lead to website defacements, theft of personal information, denial of service attacks, or a combination of malicious behavior.
Unfortunately, it is relatively easy to leave web applications exposed – it only takes an unsecured web server or minor code flaws following repeated updates. As much as 70 to 90 percent of web applications act as carriers of application vulnerabilities. Businesses of all sizes must urgently review how they can best protect against current and new forms of web-based attacks.
Efforts to ensure safer practices for online retail are outlined in the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all web applications that accept and store credit card and other account information must either undergo an extensive audit of all custom application code or implement a web application firewall to protect web servers from hackers attempting to exploit any application code vulnerabilities.
This is why many e-commerce businesses are choosing to invest in a comprehensive web application firewall. This option protects web applications from any attacks, and ensures a layer of security regardless of the application code. Web-application security solutions provide complete protection for web applications as well as feature additional traffic management capabilities to improve performance, scalability and manageability in a demanding data center environment.
Equally important to an organization’s web application security strategy is ensuring that good coding practices are implemented and that external audits occur on a scheduled basis. Web application firewalls are a good way to augment such practices and are particularly useful when an organization’s applications change quickly, use legacy code, or when there’s simply too much code to fix.
The internet helps businesses to establish a global presence, conduct transactions and deliver real-time communications; however, businesses must also invest in greater levels of defense for their website. By increasing security measures, businesses can save themselves the great expense and public humiliation associated with an attack on its website. Such measures also ensure that your website is a safe place to visit and demonstrates a commitment to customers and clients.