In the first week of June 2013, zone-h.org listed nearly 33,000 website break-ins and defacements.
Web applications, such as those for eCommerce, customer service and online communities, are among the most vulnerable websites on the Internet.
10,000 websites, including FTSE 100 companies and the UK Civil Service
Victims of attack suffer:
- having their website defaced (cyber-vandalism)
- the theft of their intellectual property
- the theft of their business and customer data
- the theft of their customers' personal data
- having malware and pirated/illegal materials distributed from their server
- inadvertently distributing virus or botnet control software to their visitors
The results of a break-in are invariably embarrassing for the company targeted, and the cleanup costs range from "expensive and inconvenient" to the sort of massive damage to reputation and business that can put the future of an organisation at risk.
No matter how good programmers are, bugs creep into all pieces of software. For web applications, there are also "abusable features", which are correctly coded but offer non-obvious attack methods to those who understand how to exploit them. Many such problems can easily result in penetration of the application and the entire database and server infrastructure behind it.
IT Security Consultant Derek Fountain provides vulnerability assessment consultancy and testing for organisations wanting to mitigate the risks of putting applications online.