Web Application Security – How It Affects You

Weaknesses that exist within a website's mainframe allow cyber criminals unauthorized access to private and confidential data. Using this data, hackers can wreak havoc on individuals and companies alike.
Hacking is not a game for these criminals. They do not hack websites for bragging rights. Cyber criminals have extortion on their minds, and in some rare cases hackers hold company data for ransom. For example, on the 7th of February 2012, security industry giant Symantec was held for ransom by unknown hackers who stole the pcAnywhere software source code.
The ways in which individuals and companies are affected by breaches in web applications are countless. To illustrate, take the example of an attack on a very large Fortune 500 company. Suppose that the attack resulted in the theft of over 10,000 credit card numbers and the criminals are now holding the company for ransom.
Word leaks out about the security breach and the company is subject to a massive security audit and an internal investigation by federal authorities. The customers of that company lose faith in the security capabilities of that business and take their transactions elsewhere. Subsequently, the company starts losing large amounts of revenue while customers of that company start finding unauthorized charges to their credit cards.
The scenario above is just one of many ways in which cyber criminals affect individuals and companies alike.
The security flaws lie in the web applications themselves. Programmers create web applications with the goal of simplicity and ease of use in mind. Often this goal causes the web application to be targeted for an attack. Cyber attacks can take place in the following ways:
• Injection: Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
• Cross-site Scripting (XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
• Cross Site Request Forgery (CSRF): A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim's browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
Programmers must implement state-of-the-art coding protection in their web applications in order to ensure the privacy of their company's clients and customers. This will ensure the success of a company in the long run.
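The three flaw classes listed above each have a standard coding defence. The following Python sketch is an added example, not part of the original article: it sets a query built from untrusted data beside its parameterized form, escapes output before it reaches the browser, and checks a per-session CSRF token. The table, function names and sample inputs are constructed for illustration.

```python
import hmac
import html
import secrets
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "card-A"), ("bob", "card-B")])
    return db

def lookup_unsafe(db, name):
    # Weak: untrusted data becomes part of the query text itself.
    query = "SELECT card FROM users WHERE name = '%s'" % name
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the value is bound as a parameter and never parsed as SQL.
    return db.execute("SELECT card FROM users WHERE name = ?", (name,)).fetchall()

def render_comment(text):
    # XSS defence: escape untrusted data before it is sent to the browser.
    return "<p>" + html.escape(text, quote=True) + "</p>"

def new_csrf_token(session):
    # CSRF defence: a random per-session token embedded in the site's own forms.
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def csrf_ok(session, submitted):
    # The session cookie alone is not enough; the request must echo the token.
    expected = session.get("csrf", "")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed untrusted input
    print("unsafe:", lookup_unsafe(db, hostile))  # every row comes back
    print("safe:  ", lookup_safe(db, hostile))    # no row matches
    print(render_comment("<script>alert(1)</script>"))
    session = {}
    token = new_csrf_token(session)
    print(csrf_ok(session, token), csrf_ok(session, None))
```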
