With internet usage growing and the number of web applications online ever increasing, the amount of data entrusted to the web has skyrocketed, and web application security has become more challenging than ever. With 70 percent of the world’s hackers focused on attacking web applications, it is no surprise that even a website like Twitter fell short on security against web attacks in 2010.
Jeremiah Grossman, founder and chief technology officer of WhiteHat Security in Santa Clara, believes the likelihood of web attacks in 2010 has increased greatly because of the fragmented systems we have developed. “Our security systems are now fragmented and distributed,” says Grossman. Talking about the recent Twitter attack, he says it happened because our systems are no longer centralized; the division of tasks helps hackers find alternate paths to the host. In the Twitter attack, the hackers gained account information from the DNS provider and used it to gain access to the host.
“End-users and employees have accounts all over the place,” Grossman says. An ordinary person has several accounts holding highly sensitive data across the internet; if a hacker is able to crack one account, he has access to pretty much all accounts of the same person. This issue is not new; it has been part of the web's problems for a long time. Although it is usually thought that writing your passwords down is unsafe, Grossman disagrees. According to him, people should have a different password for each and every account, and the chance of a physical list of passwords being stolen is lower than the risk posed by a password doing double duty on the web. Grossman particularly points out the rising number of web attackers and the increase in malicious scripts hidden in compromised web pages that exploit user credentials stored in the browser by sending password-change or online banking requests.
However, he does have good news for web users: the recent growth in the development of web-based application security has been improving web application security. The cloud-based offering should allow the technology “to get mass scale and adoption very quickly,” Grossman says. So you’ll have increased security against web attacks in 2010, and the attacks won’t reach the customer’s site. And remember to use a bit of common sense when unknown websites request your personal information, and avoid unnecessary exchange of sensitive information on the web.
