Hacking is a big issue that we face today. An application is a computer program with an interface, enabling people to use the computer as a tool to accomplish a specific task. APPSEC provides application security, the use of software, hardware, and procedural methods to protect applications from external threats.
Since 2005, there have been 738,839,688 estimated records that were breached. That is equivalent to the population of North, Central, and most of South America (the combined population of these countries totals 942 million people). Websites, internet users, and the number of devices connected to the internet are constantly increasing which means more work for hackers. In just 3 years, web applications jumped from 1.9% to 52% as a percentage of published vulnerabilities.
There are many different methods when it comes to attacking. The most common form of attacking is SQL Injection making up 34.1% of attacks. Coming in closely to SQLI is cross-site scripting with 26%. Other attacks include cross-site request forgery, denial of service, brute force, and other various means.
Cross-site scripting is the process of adding malicious code to a website that can execute in a user’s browser. So, odds are you have a vulnerability. The potential outcomes of XSS (cross-site scripting) include account hijacking, cookie theft, false advertising or other modifications. XSS vulnerabilities were found in 71% of vendor supplied web application builds. In 2012, MTV, Google, IBM, Skype, WordPress, Apple, and various other companies had XSS vulnerabilities found in their software.
SQL Injection is when a coding flaw is explicited to embed malicious code producing a query that can access otherwise inaccessible data. Attackers may be able to create, read, modify, or delete sensitive data stored in a database. Out of the vendor supplied web application builds, 40% contain a SQL Injection flaw.
There were 3 major SQLI attacks in 2012. The first attack was #projectwhitefox where hackers gained access to 31 targets including NASA, the FBI, Interpol, the Pentagon, and numerous other educational and government organizations. The next large attack was Linkedin where Russian hacker “dwdm” accessed and leaked millions of passwords. Lastly, we have the largest attack in 2012 which was Gamigo. Gamigo occurred in Hamburg, Germany in July when hacker “8in4ry_Munch3r” accessed user account credentials.
So, how safe are we when it comes to the Internet?
Infographic by Veracode Application Security