Web 2.0 is thriving, and so too are applications that take advantage of this technology. Interactive sites like LinkedIn, Twitter and even company Web sites are becoming ever more popular, and yet, many IT departments are unprepared for today's emerging threats. As more companies take to the Web to conduct business, the opportunity for attack is increased and organisations need to re-adjust security practices for the Web 2.0 world.
New attack methods are constantly being employed by hackers, taking advantage of technologies that are already in place. Attackers continuously try to bypass security systems in place on sites such as Facebook, and gain access to information using the code that is running on the browser through the third party.
Many people associate hacking with credit-card and bank fraud-but this is not the case. ID theft is not just about being able to spend somebody else's money; it can be used to set-up credit accounts with business suppliers or open-up new premises, all at another's expense.
Whilst hackers are constantly evolving and adapting to new technologies, businesses are responding just as well. Employees, as well as IT departments, are now aware of security risks and most companies have IT security policies in place. Patches, security alerts and updates are now issued regularly from vendors and should be monitored and downloaded when available.
In addition, there are a number of tools which can help prevent attacks-Web application scanning in particular. This is an automated process which searches for software vulnerabilities in Web sites by launching its own attacks and analysing the results.
Technology continues to advance at an alarming rate-and with it those people who are willing to exploit others for financial gain. By staying informed of potential risks and combining the tried and tested preventative methodologies, IT departments can ensure they are well-equipped to deal with the constant threat of Web 2.0 attacks.
(Qualys Technologies is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th-29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk)