Web Applications Vulnerabilities: How’s Your Business on the Web?
Web applications have become crucial for enterprises to meet customer demands and conduct business on the web. Web apps process data—anything from retail orders to B2B transactions—and store results in a back-end database server where data such as customer information sits.
However, web apps also introduce security risks like attacks that leverage server and application vulnerabilities. Some of the factors that contribute to the said risks include fast development for apps such that security is overlooked, the existence of legacy and custom-made web apps, and the complex nature of transactions done online.
Moreover, security often becomes second priority when web developers are commissioned to deliver websites that are fast, scalable, and has good user interface for various users (customers, partners, and employees). There are also cases when IT administrators delay deployment of patches for web-related servers and databases if the patch is unstable or buggy/incomplete.
Aside from web apps, vulnerabilities in web and database servers can be used by cybercriminals to penetrate enterprise networks, which can result to business disruption, tampered brand image, or the loss of critical data. For instance, the “Apache Killer,” a tool that takes advantage of an Apache HTTP Server vulnerability, enables a denial of service (DoS) attack when exploited. We also spotted a vulnerability in Oracle Database Server’s TNS listener, which can allow access to the database without the need to enter a password or user name.
In the TrendLabs’ primer Web Applications Vulnerabilities: How’s Your Business on the Web?, we tackled various security risks on web, web application, and database servers and the situations that introduce these risks in the network. It also delves on solutions that can mitigate and protect the network from security loopholes and attacks.
Post from: Trendlabs Security Intelligence Blog – by Trend Micro
Web Applications Vulnerabilities: How’s Your Business on the Web?
Powered by WPeMatico
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet
The comments are closed.