Analysis of data leakage investigation report in 2014 and investigation report in 2014

Analysis of data leakage investigation report in 2014 and investigation report in 2014
Web application attacks are one of the top concerns about Verizon data leakage Investigation Report (DBIR) data disclosure in 2014. These events mainly affect common content management systems, such as Joomla !, WordPress and Drupal vulnerabilities.

The report points out that these types of attacks are not only a reliable method for hackers, but also a compromise that takes a few minutes or less. As Web applications usually serve as the public image of an organization to the Internet, it is worrying about the ease of developing network-based vulnerabilities.

The DBIR report recommends that attackers find the vulnerabilities before they fix them. But how do you close your data before finding these vulnerabilities? One way to identify Web application vulnerabilities is to open the top ten files of the Web Application Security Project (OWASP), aiming to raise awareness about the 10 most critical security vulnerabilities in Web applications.

On the top 10 of OWASP, you will find "injection", such as the DBIR called by SQL injection. The injection vulnerability is a very common security vulnerability. It is very easy to use without tools to use simple text commands.

The best way to avoid Web-based attacks such as SQL injection is to prevent security programming practices in the first place, but security programming must occur during the development of Web applications. So Web applications may already include SQL Injection Vulnerabilities in production?

Vulnerabilities in widely used Web applications such as WordPress or Drupal may be highlighted by security researchers and Vulnerability Management vendors that may be included in the inspection of their products.

However, traditional vulnerability scanners are impossible to find the vulnerabilities of little-known and customized Web applications, if the security research team does not pay attention to them (or do not know their existence, in the case of built-in internal Web applications ).

Use a WebApp360 Vulnerability Management Solution like Tripwire, including covering every top ten regions of OWASP to help identify Web applications with security vulnerabilities in the production environment, even customized or less well-known Web applications.

Unlike traditional vulnerability checks, Web application vulnerability scanners use heuristic methods instead of Rule-based methods to detect Web application vulnerabilities without a license. As a result, hackers can take measures to remedy or mitigate the risks before finding these problems on the Internet.