
    Web Applications Under Siege

    While it's no surprise that systems on the Web are the primary targets for malware, it's troubling that attacks aimed at Apple QuickTime and Adobe Flash have tripled in the first six months of this year.

    Those are the findings of a recent survey from Hewlett-Packard’s TippingPoint team, which came to HP in the recent acquisition of 3Com.

    According to Mike Dausin, manager for advanced security intelligence for HP TippingPoint DVLabs, attacks are becoming not only more frequent but more sophisticated as well. While the malware itself in many cases is “beautifully written,” the attacks themselves are being aimed at software that is among the least secure on the Web.

    This path-of-least-resistance approach is consistent with the history of malware. But now that Windows operating systems and network perimeters are generally more secure, malware distributors are simply moving on to the next easy targets.

    Dausin says HP has also documented a sharp rise in JavaScript and PHP File attacks and that older attacks, such as SQL Injections, are making a comeback.

    HP highly recommends that IT organizations make sure they are running the latest version of common Web applications, such as version 9 of Adobe Reader, that are inherently more secure.

    But dealing with these attacks effectively will require more resources to be allocated to application security. In many cases, that may mean consolidating network perimeter security appliances to save money that can be reallocated to application security. In other cases, it might mean allocating more of the applications budget to deal with security issues.

    There may never be the perfectly secure Web application. But one thing is for certain: if an IT organization makes it easy to compromise a Web application, in all probability it has already happened.

    Web Applications Under Siege - slide 1

    Click through for results from a security threat survey conducted by HP.

    Web Applications Under Siege - slide 2

    Web application vulnerabilities remain at a constant high level.

    Web Applications Under Siege - slide 3

    Cross-site request forgeries are rising.

    Web Applications Under Siege - slide 4

    The number of these instances is getting higher.

    Web Applications Under Siege - slide 5

    A rise after a period of marked improvement.

    Web Applications Under Siege - slide 6

    As Apple gains popularity, the number of known security issues rises.

    Web Applications Under Siege - slide 7

    Adobe Flash is now a favorite target.

    Web Applications Under Siege - slide 8

    Another marked increase.

    Web Applications Under Siege - slide 9

    And a corresponding increase on the server side.

    Web Applications Under Siege - slide 10

    A noticeable decline.

    Web Applications Under Siege - slide 11

    A definite rising trend.

    Web Applications Under Siege - slide 12

    A sharp rise in this type of attack as well.

    Web Applications Under Siege - slide 13

    A sudden increase in an old method.

    Web Applications Under Siege - slide 14

    Another increase in SQL-based attacks.

    Web Applications Under Siege - slide 15

    Used primarily by the Conficker worm.

    Web Applications Under Siege - slide 16

    A welcome decline.

    Web Applications Under Siege - slide 17

    A major security improvement over previous versions.
