Are your web applications secured?
In an ideal world, legitimate users would be the only ones to interact with your application. Unfortunately, the reality is that malicious users may have other intentions and motives. Today’s hackers use more advanced methods that allow them to target and attack the web application itself.
If you operate a website that provides a service to users — customers, employees, partners, etc. — then you’re likely running a web application. In fact, there’s a good chance you have multiple web applications spanning a diverse collection of operating systems, database software and storage devices. Every single time users interact with your website, they make a connection to your web servers, which interact with your database servers, which read and write to and from your storage servers.
Two of the most common web application attacks are:
- SQL injection (SQLi) — Attackers can run unauthorized commands against your database servers and access or delete sensitive data.
- Cross-site scripting (XSS) — In the most common scenarios, attackers post malicious data to a website (such as a message board). When other users navigate to that page, the data can interfere with their browser sessions, steal their data or even deface the website.
Web application attacks are increasing in both frequency and severity every year (acunetix.com). Many organizations don’t have the expertise or resources to adequately protect themselves from all threat vectors. Even larger organizations with dedicated security staff are finding it difficult to stay ahead of the competition, as new vulnerabilities are discovered nearly every day.
Fortunately, there is hope. Verizon Digital Media Services’ Web Application Firewall (WAF) gives you a fighting chance against these attacks. Traditionally, WAFs were physical devices that an organization would need to purchase, install, configure and monitor. If traffic grew too large for the organization’s WAF to manage, additional hardware had to be purchased or the entire project had to be scrapped. With Verizon, you have no hardware or software to maintain — everything runs on our network.
Verizon’s WAF monitors your web application traffic and blocks all requests that it identifies as malicious, thereby defending your website against web application attacks (including the SQLi and XSS attacks we described earlier). Moreover, Verizon provides an easy-to-use management console with granular rule controls so that organizations can customize their defense settings to suit specific business needs.
Since your traffic is traveling through Verizon’s CDN, we’re perfectly situated to inspect it for malicious data, thereby protecting your website, your users and your data from compromise. And if you don’t want to lift a finger, you can engage our amazing Security Professional Services team to handle all setup and traffic analysis for you.
During the time it took to read this blog, hundreds of web applications have been compromised. Will yours be next?
Chris Herrera, Senior Security Solutions Architect