Web Applications: The Achilles Heel of Security Strategies

Increasingly, hackers are concentrating their efforts on web-based applications -- shopping carts, forms, login pages and dynamic content. A Gartner Group study determined that 75% of cyber attacks are done at the web application level. Web applications are accessible 24 hours a day, 7 days a week and are a passageway to valuable data: customer and employee databases, transaction information and proprietary corporate data. Many enterprises have addressed network security issues and have implemented firewall technology but have not yet protected their "crown jewels" -- data that can be compromised via web application hacks.

The first reported instance of a Web application attack was perpetrated in 2000. While making online transactions with a large bank, a 17 year-old Norwegian boy noticed that the URLs of the pages he was viewing displayed his account number as one of the parameters. He substituted his account number with the account numbers of random bank customers and immediately gained access to customer accounts and personal details.

Other hackers have followed in his footsteps, exploiting hundreds of different techniques to compromise web applications and exploit what is fast becoming the biggest Achilles heel in an organization's security strategy. "Web applications are now the prime target for hackers. A quick hack of a vulnerable web application can give instant access to valuable data such as customer credit cards and employee social security numbers," said Nick Galea, CEO of Acunetix. "New hacking techniques emerge every day. Auditing one's web applications should be the number one security concern for every enterprise." Acunetix Web Vulnerability Scanner offers security administrators access to a host of features that will protect their web applications and web sites.