With the arrival of a series of new Internet products such as Web 2.0, social networks, and Weibo, web-based Internet applications are spreading ever more widely. As enterprises computerize their operations, all kinds of applications are deployed on the Web platform, and the rapid growth of Web services has also drawn the keen attention of hackers, bringing web security threats to the fore. Hackers exploit vulnerabilities in the website's operating system and SQL injection flaws in the web service programs to gain control of Web servers. They tamper with web content and steal important internal data; worse still, they embed malicious code in the pages so that visitors to the site are attacked in turn. As a result, more and more users are concerned about security at the application layer, and attention to web application security keeps growing.
Why web security threats are becoming increasingly serious
Today many businesses depend on the Internet, such as online banking, online shopping, and online gaming. Many malicious attackers target Web servers for bad purposes, looking for ways to obtain other people's account information for profit. This is precisely because the Web business platform is the most exposed to attack. At the same time, attacks on Web servers come in a great many forms. Common ones include Trojans, SQL injection, buffer overflows, sniffing, and exploitation of Web server vulnerabilities such as those in IIS.
On the one hand, TCP/IP was designed without security in mind, so data transmitted over the network has no protection of its own. Attackers can exploit system vulnerabilities to overflow a system process's buffer, obtain or escalate their privileges on the vulnerable system, run arbitrary programs, or even install and run malicious code and steal confidential data. Application-layer software likewise gives little thought to security during development, which leaves many holes in the program: buffer overflows, SQL injection, and the other popular application-layer attacks all stem from security being neglected in the software development process.
On the other hand, users are strongly curious about anything secret. Attackers who spread Trojans or viruses often exploit this curiosity: they bind a Trojan or virus to eye-catching images, audio and video files, free software, and similar files, post these files on websites, and then entice users to click on or download them. They may also send the bound files to users as email attachments or through instant-messaging software such as QQ and MSN, again relying on curiosity to lure the user into opening or running them.
Another common hacker technique is to write the Trojan or virus as a script and embed it in a web page, an email, or a message in chat software such as QQ, or to create a hyperlink that points to the script. As soon as the user opens a window containing such a web page, email, or chat message, or clicks the hyperlink pointing to the Trojan or virus script, the malicious program can easily get onto the user's PC.
Phishing attacks are also carried out in many ways. One of them is to forge a website interface that closely resembles the real one and entice users to log on to the fake online banking site. Some users readily trust the message that lures them there, and combined with carelessness the consequences can be severe.
Nowadays mobile working is becoming ever more common in enterprises. Many employees take their computers home to work or connect to the Internet in public places, and they have become the first target of web threat intrusions. Employees' growing reliance on the Internet also makes the company network more vulnerable to attacks that use those employees as a stepping stone. HTTP has become the main intrusion path for malicious programs, and the speed at which viruses are produced and the number of their variants make the already fragile enterprise network even worse off.
In the face of this surge of application-layer threats, the vast majority of enterprises are not truly aware of the crisis. On the one hand, malicious websites are growing rapidly, at a rate of 600% per year. On the other hand, 77% of websites carrying malicious code are legitimate websites that have been implanted with malicious attack code. These threats are evolving toward targeted and compound attacks. A single attack may combine multiple threats, such as viruses, worms, Trojans, spyware, botnets, phishing emails, vulnerability exploitation, downloader programs, social engineering, rootkits, and hands-on hacking, and may result in DoS, service hijacking, information leakage, tampering, and other harm. In addition, compound attacks make it harder to collect all the "samples", causing a variety of damage, unpredictable dormancy periods, and even remotely controlled attacks.
How should we deal with it?
As attacks take on more and more forms, the protection offered by traditional methods keeps getting weaker, and defenders remain stuck in a cycle of preventing threats, detecting threats, handling threats, and enforcing policies. More seriously, traditional anti-virus solutions that protect only the endpoint cannot cope with constantly changing web threats.
Individual users should deepen their understanding of network security, keep improving their computer and network skills so as to harden their own machines, work to overcome their curiosity and their appetite for bargains, and use the network in a disciplined way, in order to slow the growing tide of web application security problems.
For enterprise users, security products for web applications fall into three areas: the network, the Web server itself, and the security of the program. On the network side, consider deploying a firewall, IDS/IPS, a security gateway, an anti-virus wall, and similar products in front of the Web servers to block most attacks. In addition, you can deploy a more secure Web server together with its own protection, such as a web page tamper-proofing system (tamper-proofing and restoration software), a malicious-activity defense system, an access control system, an audit system, and other products that provide automatic scanning and monitoring to protect the system and its files. Program security is at present still a research direction, and we hope to see related products as soon as possible.
In the end, both hands must be strong. To use a vivid metaphor: firewalls and intrusion detection systems are like the external kung fu of the "golden bell" and the "iron shirt", which ward off the spear thrust in the open; what matters more is cultivating internal skills such as Taiji, that is, fixing your own vulnerabilities so as to avoid the arrow shot from the dark. Only training both the inside and the outside will let your company hold its own.