Tag Archives: well
How could Web application (in)security affect me?
Nearly 55 percent of all vulnerability disclosures in 2008 affected web applications.
Web applications have become the major hunting grounds for cyber criminals who quite rightly view them as low hanging fruit. Just as building new motorways improves access for traditional burglars and car thieves, web applications internet accessibility literally delivers them to the hackers doors.
For some time now, cyber crime has simply been another arm of organised crime. And organised crime is pouring a substantial portion of its vast resources into cyber crime … because the return on investment is very high.
Organised crime goes to great lengths to get its hands on any information and the more confidential it is, the better. Once theyve hacked into an application, they can either make use of it themselves or sell it on to others. They can also take control of the various resources such as servers and databases that house that information and turn a profit from that as well.
Having gained control of your computing power by exploiting vulnerabilities and adding code to your application, they add your power to their existing haul and create botnets a global network of robots reporting to their master command-and-control node which can be directed to attack other organisations, or sold to other criminals who, once they hold enough power, can orchestrate denial of service attacks.
No longer is it enough for these criminals to boast of their hacking prowess; these days its all about the money. Given that a properly engineered denial of service attack is powerful enough to bring down pretty much any global multi-national corporation or, in fact, any small country and take them off-line for the duration, this is not about bragging rights, its extortion. It is money-motivated from start to finish.
Because all information and all computing power is grist to the mill for the criminals, no company is too small and certainly no company is too big to be targeted. And as the security in large enterprises is often no better than small entities, size is truly no barrier to the criminals.
And no business can afford the consequences of a security breach. At the very least, mismanaging confidential information almost always leads to reputational damage. Reputational damage leads to departure of existing clients as well as difficulty attracting new business a situation that can go on for many years. There are obvious bottom line implications to those consequences; in the most extreme cases, businesses can go under.
According to IBMs X-Force 2009 Mid-Year Trend and Risk Report, the predominant risks to web applications are from cross-site scripting, SQL injection and file include vulnerabilities.
Cross-site scripting vulnerabilities occur when web applications do not properly validate user input, thus allowing criminals to embed their own script into a page the user is visiting. This script can steal confidential information or exploit existing vulnerabilities in the users web browser. Cross-site scripting vulnerabilities are typically exploited in phishing attacks by sending users a malicious link to a page in a legitimate domain name via email. The criminals get high returns because users trust the familiar domain name they are visiting and thus trust the links (created by the criminals) therein.
SQL injection vulnerabilities are also about improperly validated user input, but in this case that input includes SQL statements that are executed by a database, giving attackers access to that database to read, delete and modify sensitive information (like credit card data) as well as embedding code into the database allowing attacks against other visitors to the web site.
File-include vulnerabilities occur when the application is forced to execute code from a non-validated remote source, allowing criminals to take over the web application remotely. This category includes some denial-of-service attacks as well as techniques that allow criminals direct access to files, directories, user information and other components of the web application.
Facilitating all these kinds of attacks is the fact that many web sites contain some code to support various features and functions which inadvertently introduces vulnerabilities.
Russian roulette, anyone?
How could Web application (in)security affect me?
Nearly 55 percent of all vulnerability disclosures in 2008 affected web applications.
Web applications have become the major hunting grounds for cyber criminals who quite rightly view them as low hanging fruit. Just as building new motorways improves access for traditional burglars and car thieves, web applications internet accessibility literally delivers them to the hackers doors.
For some time now, cyber crime has simply been another arm of organised crime. And organised crime is pouring a substantial portion of its vast resources into cyber crime … because the return on investment is very high.
Organised crime goes to great lengths to get its hands on any information and the more confidential it is, the better. Once theyve hacked into an application, they can either make use of it themselves or sell it on to others. They can also take control of the various resources such as servers and databases that house that information and turn a profit from that as well.
Having gained control of your computing power by exploiting vulnerabilities and adding code to your application, they add your power to their existing haul and create botnets a global network of robots reporting to their master command-and-control node which can be directed to attack other organisations, or sold to other criminals who, once they hold enough power, can orchestrate denial of service attacks.
No longer is it enough for these criminals to boast of their hacking prowess; these days its all about the money. Given that a properly engineered denial of service attack is powerful enough to bring down pretty much any global multi-national corporation or, in fact, any small country and take them off-line for the duration, this is not about bragging rights, its extortion. It is money-motivated from start to finish.
Because all information and all computing power is grist to the mill for the criminals, no company is too small and certainly no company is too big to be targeted. And as the security in large enterprises is often no better than small entities, size is truly no barrier to the criminals.
And no business can afford the consequences of a security breach. At the very least, mismanaging confidential information almost always leads to reputational damage. Reputational damage leads to departure of existing clients as well as difficulty attracting new business a situation that can go on for many years. There are obvious bottom line implications to those consequences; in the most extreme cases, businesses can go under.
According to IBMs X-Force 2009 Mid-Year Trend and Risk Report, the predominant risks to web applications are from cross-site scripting, SQL injection and file include vulnerabilities.
Cross-site scripting vulnerabilities occur when web applications do not properly validate user input, thus allowing criminals to embed their own script into a page the user is visiting. This script can steal confidential information or exploit existing vulnerabilities in the users web browser. Cross-site scripting vulnerabilities are typically exploited in phishing attacks by sending users a malicious link to a page in a legitimate domain name via email. The criminals get high returns because users trust the familiar domain name they are visiting and thus trust the links (created by the criminals) therein.
SQL injection vulnerabilities are also about improperly validated user input, but in this case that input includes SQL statements that are executed by a database, giving attackers access to that database to read, delete and modify sensitive information (like credit card data) as well as embedding code into the database allowing attacks against other visitors to the web site.
File-include vulnerabilities occur when the application is forced to execute code from a non-validated remote source, allowing criminals to take over the web application remotely. This category includes some denial-of-service attacks as well as techniques that allow criminals direct access to files, directories, user information and other components of the web application.
Facilitating all these kinds of attacks is the fact that many web sites contain some code to support various features and functions which inadvertently introduces vulnerabilities.
Russian roulette, anyone?
Google Places SEO: The Best Way To Set-Up Your Own Online Business Listing
Have you had your own experience of setting up your own Google Places page however eventually, found that you’re one of the last results in Google places results? Well, I did. My major oversight is that I’m not really conscious that you can use Search Engine Optimization for your Google Places list. However as with other business online, you have to optimize your listing to get far better revenue.
Placing the right content material online just like on Google Places is extremely important simply because this will work as your primary data and contact information to your business. But believe me, in terms of obtaining the right content material on Google Places, you will shortly realize that this seemingly simple task is rather tedious and you should continually have to confirm that you own that Google Place.
You must also know that there are specific tips to make your Google Places more efficient and search engine friendly. For example, in addition to getting the right information, you have to to list the best key words for Google and search engine optimization. In this way, you will be able to rank well on search engines webpages, allowing more people to find your Google Places page.
Hence my issue is: I needed to set-up as well as optimize my Google Places listing however I do not have enough money to employ a professional to make it happen for me.
And So I did a research on the web concerning individuals who may help me set-up my personal Google Places with SEO so I can stand out when people search for my business online.
Fortunately, I did find one whom I know may help me do just that. I came across HelpYourBusiness.com.au and they were very helpful and also accommodating with my request.
I was amazed on how great they are as they are aware of the significance of Search Engine Optimization (SEO) and they are very kind to explain to me just how SEO may benefit my business. It was very easy, all I had to accomplish is report a 3-5 minute speech to give then a rundown about my business and to customize the Google places search engine optimization keywords and they took good care of the rest.
I started hiring them and choose to have the Google places search engine optimization servicing monthly deal. On a monthly basis I give them a different summary of what has happened in my business and they add the content in my Google places which will keep it new and latest and I dont have to lift a finger. I recommend HelpYourBusiness.com.au for your Google places search engine optimization solution.