When you consider security solutions, there is no catchall Internet security solution that addresses every web application security challenge. A multi-layered approach to Internet security is the most effective way to guard against all types of cyber-attacks, including DDoS, application-layer attacks and data breaches. But this is much more security technology and tools. You need to add what we call "Internet hygiene" to your defenses - taking internal measures to identify and minimize vulnerabilities in your websites and web applications.
What is the most vulnerable area of your Internet-facing network or your web applications? What are the most likely entry points for DDoS attacks and application-layer attacks? If you don't know the answer to those questions, your website and web applications are at high-risk for being targets of cyber attacks. Therefore, the first step in good Internet hygiene is identifying the common web application vulnerabilities and knowing how to find them in your own network. Here's a road map to get you started:
- Custom-built applications - How secure are the design and implementation of your homegrown apps? Cyber criminals can easily find vulnerabilities in custom-built applications as they probe different areas of your network.
- Third-party software - Criminals know that it's easy to attack through vulnerabilities in third-party software commonly used in web applications. Plug-ins, blog software and web forum software are all prone to these weaknesses, especially if the application vendors have not kept up with patches and other software updates.
- Web servers -Criminals have discovered that it they can build powerful botnets by taking over web servers, rather than user machines, because they have greater bandwidth and can be used to generate much bigger attack volumes later.
Chapter 5 in Akamai's eBook, "Threats and Mitigations: A Guide to Multi-Layered Web Security", expands on the types of weak spots you should be looking for - and fixing - in your network. Here you'll find a list of the top 10 web application vulnerabilities compiled by the Open Web Application Security Project (OWASP), as well as additional details on the three key areas we mentioned above. In next week's follow-up post we'll look at ways to improve Internet hygiene and "clean up" common web application vulnerabilities.
Download our eBook "Threats and Mitigations: A Guide to Multi-Layered Web Security" to get started now. Learn everything you need to know about the types of cyber threats, how to secure websites, how to protect applications against data theft, how to choose a web security solution, and how to make your network less vulnerable to attack.