Explain why web applications have become such a target for hackers. In addition, choose one of the Top 10 vulnerabilities we covered in class and describe why you think it is important to securing web applications.
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Web applications have become such a target for hackers because firewall works pretty well nowadays, but web applications have to let users get in their network/system in order to see and use their website, which is what the web application functions to. Hackers can take advantage by the hole that web applications opened, and hack from web server to database server from the hole for the customer data. One example would be SQL injection, which could trick the system as long as result has one row. Hackers use “or” in the last filed in SQL statement, and they probably get in as administrator because the first row of user database is usually as administrator. Therefore, it is important to have function in the web coding that only allow what types of text get in from the textbox.
When I searched online, I found there are three main reasons why web applications have become such a target for hackers. Firstly, web applications are easier to reach. According to TechTalks, in many cases, once websites are breached, they serve as a beachhead for other major attacks and allow attackers to move laterally across the network with insider access. Secondly, there are too many novice programmers writing web application codes. The third reason is the failure to update third-party packages. I think these three points could explain the reason. Malicious file injection allows attackers to perform remote code execution etc by compromising input files or streams; commonly caused by improperly trusting input files. It is important to protect the web application from attackers.
https://bdtechtalks.com/2016/02/29/why-are-web-applications-attractive-targets-for-hackers/
Web applications exist to share types of information, which are hosted on a single source, with multiple people. These applications may contain databases with sensitive material such as credit card or social security numbers, which is ideal information to a potential attacker. If a web app isn’t secured properly, a hacker may gain access to this personal information and use it for many purposes, such as selling the personal information, committing identity theft or opening new credit accounts. For hackers, web application security is the sole hurdle they must clear in order to gain access to an abundance of personal data.
One prominent vulnerability in web app safety is insecure direct object reference. Web developers must ensure that a person’s username is not located in a URL because URL’s are shareable. Consequently, if someone shares a URL while logged into their user account, the next person that clicks on the URL may have access to whatever information is in that account. Considering technology’s evolution, this should seem like an easy security measure to take. However, even something this simple can slip through the cracks due to time constraints or high demand for the completion of web development, which was the case when healthcare.gov went live with chaotic results.
The reason why web applications have become such a target for hackers is web applications are easier to reach with low cost and potential high returns. The vulnerability of breaching security cause a possible harm easily. For example, Cross-site scripting (XSS) is a common computer security vulnerability typically found in web applications. Attackers send malicious code in the form of a browser side script to a different end user by injecting into trustworthy website. When web applications do not have best practice in protection, the impact of XSS would be the disclosure of sensitive data (Business information, PII, Intellectual information and even national security information) that might cause fraud, defamation, identity theft or destruction of targets.
The biggest reason of web applications become the target of attacking is because they are easy to hack. It is easier to reach since the existence of many loopholes. Experienced programmers are not likely to program the web applications, and most of the coding are done by relative new programmers. There are many vulnerabilities, CSRF sounds like cross-site scripting (XSS), but it’s very different from XSS, which exploits trusted users within a site, and CSRF, which exploits trusted sites by disguising requests from trusted users. CSRF attacks are considered more dangerous than XSS attacks because they tend to be less prevalent (and therefore have relatively few resources to guard against) and less defensible than XSS attacks. Since these types of vulnerabilities exist, Hackers have more chances to hack the web applications with limited resource, and we need to secure them.
https://bdtechtalks.com/2016/02/29/why-are-web-applications-attractive-targets-for-hackers/