There is no doubt that web application security is a critical aspect of modern-day business, and the stakes are high for all concerned: for businesses that derive increasing revenue from internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details. Reputation plays a critical role: few people want to do business with an insecure website, and many businesses have lost their customers’ trust after they were hacked and were forced to stop trading.
This crime is on the up
Cybercrime rose by 38% last year and will continue to rise this year. Sadly, a lot of entrepreneurs don’t think a hack would harm them because their website has ‘no data’; this is the wrong perception.
Below is what a hack can do to your website with ‘no data’:
- Spamming in your name.
- Installing malware/ransomware on the computers of your visitors (users of your site can have their own computers and files locked).
- Spam linking from your website.
- Blocking your website and demanding a ‘ransom’
- As soon as Google detects malware on your website your rankings will suffer significantly.
- Your customers won’t trust your website and therefore your company.
The truth is that the majority of websites are insecure, despite the widespread usage of SSL technology and the adoption of regular PCI scanning.
Below is an overview of the percentage of websites tested in recent years that were found to be affected by some common categories of vulnerability:
Broken authentication (62%) — This category of vulnerability may enable an attacker to guess weak passwords, launch a ‘brute-force attack’ or bypass your login.
Broken access controls (71%) — This involves cases where the application fails to properly protect access to its data and functionality, potentially enabling an attacker to view other users’ sensitive data held on the server or carry out privileged actions.
SQL injection (32%) — This vulnerability enables an attacker to interfere with the application’s interaction with back-end databases. An attacker may be able to retrieve arbitrary data from the application, interfere with its logic or execute commands on the database server itself.
Cross-site scripting (94%) — This vulnerability enables an attacker to target other users of the application, potentially gaining access to their data in the process, performing unauthorised actions on their behalf or carrying out other attacks against them.
Information leakage (78%) — This involves cases where an application divulges sensitive information that is of use to an attacker in developing an assault against the application.
Cross-site request forgery (92%) — This flaw means that application users can be induced to perform unintended actions on the application and allows a malicious website visited by the user to perform actions that the user did not intend.
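To make the broken access controls category above concrete, here is an added example (not code from this article or from any particular product) showing a handler that omits the server-side authorisation check next to one that enforces it. The invoice data, user names, roles and function names are all hypothetical, and letting the admin role read any invoice is an assumption of the example.

```python
# Constructed sample data: three users and two invoices (hypothetical).
INVOICES = {
    101: {"owner": "alice", "total": "120.00"},
    102: {"owner": "bob", "total": "75.50"},
}
ROLES = {"alice": "customer", "bob": "customer", "carol": "admin"}


class Forbidden(Exception):
    """Raised when the authenticated user may not perform the request."""


def get_invoice_broken(session_user, invoice_id):
    # Broken: the handler trusts the ID in the request and never checks
    # who is asking, so any logged-in user can read any invoice.
    return INVOICES[invoice_id]


def get_invoice(session_user, invoice_id):
    # Fixed: authorise on the server, against the session identity.
    invoice = INVOICES.get(invoice_id)
    is_admin = ROLES.get(session_user) == "admin"
    # Same error for "missing" and "not yours", so the response does not
    # reveal which invoice IDs exist.
    if invoice is None or (invoice["owner"] != session_user and not is_admin):
        raise Forbidden("invoice not available")
    return invoice


def delete_invoice(session_user, invoice_id):
    # Privileged action: deny by default, allow only the admin role.
    if ROLES.get(session_user) != "admin":
        raise Forbidden("admin role required")
    return INVOICES.pop(invoice_id, None) is not None


def allowed(func, user, invoice_id):
    """Return True if func permits the call, False if it raises Forbidden."""
    try:
        func(user, invoice_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("broken, bob reads 101:", allowed(get_invoice_broken, "bob", 101))
    print("fixed,  bob reads 101:", allowed(get_invoice, "bob", 101))
    print("fixed,  alice reads 101:", allowed(get_invoice, "alice", 101))
```

The same ownership and role checks belong on every route that reads or changes a record, not only on the pages that link to it.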
Concerned about your website security?
Contact firstname.lastname@example.org today and order a full website vulnerability scan and report.