Like water, hackers take the path of least resistance. Today, this path leads over Secure Sockets Layer (SSL) to get past most corporate firewalls, where nothing exists between a hacker, a Web site and the information it holds. Using a browser and a few simple tricks, hackers can penetrate a Web site.<\/p>\n","protected":false},"excerpt":{"rendered":"
With firewalls and patch management now being standard practices, the network perimeter has become increasingly secure. Determined to stay a step ahead, hackers have moved up the software stack, focusing on the Web site itself. According to a Gartner analyst, more than 70 percent of cyberattacks occur at the application layer.
\n1. “The Web site uses SSL, so it’s secure.”
\nSSL by itself does not secure a Web site. SSL does not protect the information stored on the site once it arrives.
\n2. “A firewall protects the Web site, so it’s safe.”
\nFirewalls allow traffic to pass through to a Web site but lack the ability to protect the site itself from malicious activity.
\n3. “The vulnerability scanner reported no security issues, so the web site is secure.”
\nVulnerability scanners have been used since the early ’90s to point out well-known network security flaws. However, they neglect the security of custom Web applications running on the Web server, which usually remain full of holes. Up-to-date vulnerability scanners now achieve more than 90 percent vulnerability coverage on the average network–but they sparsely target the Web-application layer because there are no well-known security issues present in custom-written Web code.
\n4. “Web application security is a developer problem.”
\nSure, developers are part of the problem, but many factors beyond their control contribute to software security. For example, source code can originate from a variety of locations besides in-house. A company might have code developed by an offshore firm to intermingle with existing code.
\n5. “Security assessments are performed on the Web site every year, so it’s secure.”
\nThe high rate of change in normal Web-site code rapidly decays the accuracy of even the most recent of security reports. As each new revision of a Web application is developed and pushed, the potential for new security issues increases. <\/p>\n
http:\/\/www.varbusiness.com\/sections\/news\/breakingnews.jhtml%3Bjsessionid=N241AGHB04JH2QSNDBCSKHY?articleId=22104030<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-54","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/54","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=54"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/54\/revisions"}],"predecessor-version":[{"id":2541,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/54\/revisions\/2541"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=54"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=54"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=54"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}