Applications play an important role in our lives. Applications facilitate communication and help us in various different ways. At work, in our day-to-day lives, in how we communicate and how we access information. Despite this, applications can also pose a security threat. Poorly coded applications with inadequate security can result in attacks, and worst-case scenario – data breaches. Web application attacks are lucrative targets for hackers, and they are constantly looking for new ways to access, steal and delete business data and personal data.
2021 was the year of web application attacks. Between 2020 and 2021, the number of malicious web application requests increased with 88%, which was more than double from the 2020 distributed denial-of-service (DDoS) attacks, which were up with 37%.
Most common threats to web applications
The OWASP (The Open Web Application Security Project) lists the 10 most common threats to applications each year. The report also specifies some of the actions companies can take to counteract each type of attack. You can find the report here.
The reports show a clear change from 2017, and which also meant the introduction of new threats.
What can you do to protect your company?
Some of the main reasons why attacks on web applications are successful are due to an insufficient level of security, and the lack of a security focus when developing applications. Thus, usually the biggest challenge does not lie in the technical specifics, but in the management’s mindset when it comes to prioritizing security in business and product development. Nevertheless, there are ways to improve the security of applications, some of which we will guide you through now.
Foster Security by Design – Also, implement a security mindset in the corporate culture, and ensure that it is reflected throughout the entire application life cycle – from early development to launch and post-launch.
Use a Web Application Firewall – A WAF can prevent the most common attack types, such as SQL injection and cross-site scripting. We have previously written about what a Web Application Firewall is and how it works.
Test security, and do it regularly – To ensure a high level of security, applications need to be tested regularly. Unfortunately, this is something that is often overlooked. Performing penetration tests on your applications is fundamental and an effective way to evaluate the security of applications. You can then identify vulnerabilities and security gaps before hackers do.
Integrate with other security measures – When it comes to information security, one should think in layers. Protecting web applications is one aspect, but there are other layers of security. We recommend that you have protection against DDoS attacks in place, protect your Domain name system (DNS) and encrypt important data using for example an HSM. The OWASP has created the The OWASP Cheat Sheet Series, which was made to provide of simple good practices to follow on specific application security topics. You can find the cheat sheets here.