THE CENZIC BLOG
February 23, 2009

Why Care About Web Application Security?

Read a few stats and details on breached companies to see why you should care about Web application security

These stats have been mentioned on the blog before, but reading real-world examples of companies that have been breached emphasizes the importance of Web application security.

Here are a few real-world examples of cyber attacks:

| Breached Company | Type of Attack | Financial Impact |
| --- | --- | --- |
| Credit card processing company | An investigation uncovered "malicious software" that compromised data in the network. | Too soon to tell. However, the company’s brand name will forever be associated with one of the largest security breaches in history, as over 100 million records were compromised. Just informing customers via hard copy mail will cost over $24M. Class action lawsuits on behalf of the card holders are currently forming. |
| One of the biggest newspapers in the US | CSRF (Cross-Site Request Forgery) vulnerability | No financial damages were reported; however, the bad press didn’t help already-lagging newspaper subscription revenues. |
| Large media conglomerate | iFrame attack, malicious code and XSS vulnerabilities | Too soon to tell, as the TV broadcasting site infected many Internet visitors. Damage was done to the company’s brand name and they had to take down the infected Web sites. |
| Large retailer | US DOJ revealed that hackers used a combination of wardriving, sniffer software, and SQL Injection attacks | This incident was dubbed one of the “Top Cyber Security Breaches in 2008” as hackers stole over 45.6 million credit and debit card numbers. The company spent over $150 million settling shareholder lawsuits associated with this breach. |
| Social media Web site | XSS (Cross-Site Scripting) vulnerability | Too soon to tell, as this is an on-going issue with this popular social media company, where millions of its members are being infected with malware, adware and spyware. So far, the flaws haven’t been fixed. |

by
Erin Swanson
ESwanson@cenzic.com

