Web Application Attack to Breach Ratio Still High
September 06, 2018

In evaluating 316 million incidents, it is clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business, according to Security Report for Web Applications (Q2 2018) from tCell.

The majority of web application attacks are the result of overall scanning for vulnerabilities; however, many others are real attempts to compromise a particular target. Last year, tCell reported that the attack to breach ratio for web applications is 1,200 to 1. This report confirms that ratio is still in effect and identified five confirmed cross-site scripting (XSS) breaches. Web application attacks are noisy because hackers are using automated attacks to probe web applications for weak spots. The findings showed that 47 percent of companies were targeted by automated attacks.

"Real world web apps are under constant attack. For security operations teams, finding the successful attack amidst all the noise is like finding a needle in a haystack of needles," said Michael Feiertag, CEO of tCell. "Improving visibility and reducing the resource strain that these attacks put on the system are the reasons why companies are deploying runtime application self-protection technology."

tCell found that XSS, SQL injection, automated threats, file path traversals and command injection were the most common types of security attacks. These differ from the 2017 OWASP (Open Web Application Security Project) Top 10 list of web application threats and security flaws. The main reason for this difference is that tCell protects applications in-production that reside in the AWS, Azure and Google cloud environments. This provides a unique perspective on application security in production and the nature of the attacks themselves.

In looking at Common Vulnerabilities and Exposures (CVEs), tCell found that 90 percent of active applications use libraries with a known CVE -- 30 percent used a library with a critical CVE. Patching a critical CVE took an average of 34 days, only four days faster than the average time to patch overall regardless of severity. This demonstrates an overall improvement in time to remediation, which previously could take weeks to months, and the ability of organizations to track the business criticality of the application, understand the severity of the vulnerability and prioritize production security issues.

As interconnectivity of businesses and applications grow, the attack surface area is also growing through the use of APIs. tCell found that this represents a critical blind spot to security and operation teams. On average, each application had 2,900 orphaned routes or exposed API endpoints without a current business function. In fact, 92 percent of all routes and API endpoints are orphaned.

tCell protects web applications at runtime by installing an agent on the application server and browser. When looking at browser-based attacks such as XSS, clickjacking and cryptomining, 0.31 percent of users' browsers were infected with malware. To protect systems from cryptomining and the resulting drain on computing resources, it is essential to block the initial attack. Eliminating the ability to land a XSS attack dramatically decreases the likelihood of a successful cryptomining attempt.

"The frequency of web application threats makes it difficult for organizations to keep their web application firewalls running effectively and impact their ability to implement updates to security systems," added Feiertag. "The rapid growth of DevOps, containerization, microservices and cloud deployments have made it more essential to secure apps in production, yet simultaneously more difficult to do so. It is imperative that secure coding practices become a critical part of the larger landscape in order to stop vulnerabilities at the source, but even more important is the ability to protect these applications once they have moved out of the testing environment and into production."

The Latest

September 24, 2018

From how applications and infrastructure are developed, configured and built to how they are tested and deployed, pervasive automation is the key to achieving better efficiency and standardization that gives companies the competitive edge. Pervasive automation is the concept of scaling automation broadly and deeply across the entire software delivery lifecycle ...

September 20, 2018

The latest Accelerate State of DevOps Report from DORA focuses on the importance of the database and shows that integrating it into DevOps avoids time-consuming, unprofitable delays that can derail the benefits DevOps otherwise brings. It highlights four key practices that are essential to successful database DevOps ...

September 18, 2018

To celebrate IT Professionals Day 2018 (this year on September 18), the SolarWinds IT Pro Day 2018: A World Powered by Tech Pros survey explores a "Tech PROactive" world where technology professionals have the time, resources, and ability to use their technology prowess to do absolutely anything ...

September 17, 2018

The role of DevOps in capitalizing on the benefits of hybrid cloud has become increasingly important, with developers and IT operations now working together closer than ever to continuously plan, develop, deliver, integrate, test, and deploy new applications and services in the hybrid cloud ...

September 13, 2018

"Our research provides compelling evidence that smart investments in technology, process, and culture drive profit, quality, and customer outcomes that are important for organizations to stay competitive and relevant -- both today and as we look to the future," said Dr. Nicole Forsgren, co-founder and CEO of DevOps Research and Assessment (DORA), referring to the organization's latest report Accelerate: State of DevOps 2018: Strategies for a New Economy ...

September 12, 2018

This next blog examines the security component of step four of the Twelve-Factor methodology — backing services. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

September 10, 2018

When thinking about security automation, a common concern from security teams is that they don't have the coding capabilities needed to create, implement, and maintain it. So, what are teams to do when internal resources are tight and there isn't budget to hire an outside consultant or "unicorn?" ...

September 06, 2018

In evaluating 316 million incidents, it is clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business, according to Security Report for Web Applications (Q2 2018) from tCell ...

September 04, 2018

There's a welcome insight in the 2018 Accelerate State of DevOps Report from DORA, because for the first time it calls out database development as a key technical practice which can drive high performance in DevOps ...

August 29, 2018

While everyone is convinced about the benefits of containers, to really know if you're making progress, you need to measure container performance using KPIs.These KPIs should shed light on how a DevOps team is faring in terms of important parameters like speed, quality, availability, and efficiency. Let's look at the specific KPIs to track for each of these broad categories ...

Share this