The Month: Threat of the month – Application exploits

What is it? Hackers are focused on revenue. In pursuit of this, a significant attack objective has been compromising databases and data aggregations. Miscreants are using tools to find application and web services vulnerabilities.

How does it work? Because of the security industry's collective work onsecuring operating systems and perimeter defences, hackers are now"moving up the stack" to the application layer. For example, the PHP(hyper-text pre-processor) interpreter and applications written for ithave become notorious for their security vulnerabilities and successfulattacks. As Web Services 2.0 and Ajax programming gain more traction,security experts and hackers have turned their attention in thisdirection.

Should I be worried? The application layer is more complex and variedthan the lower layers on the stack. Every database, website, form, SOAPinterface and other application is vulnerable, even though they may passa vulnerability scan.

How can I prevent it? Improving training for developers, enhancingdiscovery and directed assessments of applications, restrictingunnecessary functionality, making the use of logs and alarms morejudicious, and employing a good incident response plan are all basicsecurity practices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.