By Tyler Rorabaugh
As application attacks expose more and more data and are combined with combinatorial-type attacks, the application security problem has only just begun and will grow at an exponential rate. Why? Because more data endpoints mean more attack vectors. The recent release of Imperva’s Web Application Attack Report only confirms this downward spiral, finding that the U.S. tops the charts globally as a source of Web-based attacks.
Companies tend to approach security using a traditional perimeter-based security model: they first establish a perimeter by monitoring assets, then focus on risk analysis and management. The problem is that this is like putting a fence around a piece of property while the area the property sits in is constantly changing and evolving. Let’s face it: today’s businesses are data-centric, with data at the core of the business, but our security models focus primarily on assets and not on the data itself.
Web Application Firewalls and Database Firewalls help, but you must proactively test your applications and data access points with automated attack systems, pen testers and application security testers, and you must do this constantly.
There are only a few types of hackers: those who want to prove a point, gain respect or learn; those who are concerned about something you may be doing; and, last and most important, those who want your gold (data) or are in it for the money.