TEA Blog

HOW ARE ECOMMERCE WEB SITES ATTACKED?

As more and more business is done using the World Wide Web, web sites themselves have become increasingly attractive to attackers. What makes a web site such a target for an attack is not only that there are so many sites to attack, but the fact that an overwhelming majority of all web sites can be easily exploited through some of the most common vulnerabilities.

According to a study; Security that assessed vulnerability data in 1031 different web sites, it was found that:

  • 82% of the web sites have had at least one High, Critical, or Urgent issue

  • 17,888 vulnerabilities were found

  • There was an average of 17 vulnerabilities per web site

  • 7,157 vulnerabilities went unresolved

How are Web Sites Attacked?

In the early days of the World Wide Web, hackers would engage in hacking attacks to deface web sites as a sign of protest against a corporate or political ideology, or test their hacking skills using defacement as a way to gain notoriety amongst their peers. However, as the Web has grown and more business has come to rely on web technologies to function, attacks against web sites have become more complex and sophisticated because of one reason - money. In light of this, Web application security has never been more critical to business.

Attackers, no longer driven by notoriety and ideology, have focused more on techniques that allow them to profit from their illegal activities. Exploited sites allow the theft of credit card data, financial information, identities, intellectual property, and anything else cyber criminals can get their hands on.

Funded by criminal organizations, attackers now rely on large botnets that can be rented for as low as $150 for 2000 machines. In the hands of these cyber criminals, these zombie machines are able to seek out vulnerable web sites. Once these sites are identified, the attacker turns the focus of the botnet towards launching coordinated, distributed attacks against them, exploiting web applications, web servers, FTP servers, and any other possible point of entry.

What are the Most Common Vulnerabilities?

There are many different ways in which attackers are able to compromise a web site. Some of the most common vulnerabilities that attackers use are:

  • Cross-site scripting

  • SQL Injection

  • Cross-Site Request Forgery

  • Information Leakage

  • Content Spoofing

  • Session Hijacking

  • Path Traversal

With the proliferation of out-of-the-box web applications, it has never been easier for web sites to be built rather quickly. Unfortunately, these quick solutions also make it easier for attackers. Without proper training and knowledge, many of these sites are left with multiple vulnerabilities.

The Need to Protect Web Sites

In addition to a compromised web site exposing sensitive data, there are other risks associated with security.

Denial of Service Attacks

Denial of Service attacks are intended to disrupt a web site's ability to serve pages to its visitors. Usually, these attacks are carried out by overloading the server with requests. Businesses that rely on their web sites for normal business operations can find a tremendous drop in revenue as a result.

Brand Damage

One of the most damaging things that can happen to a web site is to have it flagged as malicious. According to Stopbadware.org, not many sites even realize that they serve malicious pages until it is too late. Sites that are flagged as malicious lose customers and visitors as a result.

Network Security Risks

Web sites that are compromised can provide the attacker access to a company's internal network. Through attacks like Remote File Includes, an attacker is able to access protected files that may contain authentication information used for other network resources.

  • Easy installation on Apache and IIS servers

  • Strong security against known and emerging hacking attacks

  • Best-of-breed predefined security rules for instant protection

  • Interface and API for managing multiple servers with ease

  • Requires no additional hardware, and easily scales with your business

Architected as plug & play software providing optimal out-of-the-box protection, security software creates a security layer in front of the application to detect and protect against application-level attacks in incoming web traffic that could be used to compromise the web server, steal sensitive information, or disrupt web services.
