Cybercrime is on the rise, and in 3 of 4 security breaches hackers target vulnerable applications rather than the backend infrastructure. This trend is surprising, because the risk reduction is quite simple.

The Attack
A common application layer security breach is not very complicated. Cyber criminals often use a standard computer and operating system, and with basic IT knowledge they can carry out highly effective cyber thefts. Any application reachable over the internet or available locally can become the victim of an application layer attack.

For several years the Open Web Application Security Project (OWASP) has published statistics on the most frequently exploited vulnerabilities. About 2 of 5 attacks are SQL injection or cross-site scripting (XSS). The SQL injection vulnerability, for instance, can allow cyber thieves to bypass the login procedure by entering ' OR 1=1-- instead of a valid password.

The Risk Mitigation
Application layer firewalls are essential, but they do not provide sufficient protection against application tier attacks. Even hardening your infrastructure does not reduce the risk of becoming a victim of such an attack. The good news is that the risk mitigation is manageable.

Firstly, you should educate your developers on how to implement applications that are robust against the top vulnerabilities.

Secondly, you should eliminate security issues at the root. Use the OWASP Enterprise Security API (ESAPI) to filter user input, and never access your database without prepared statements.
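To make the login bypass and the prepared-statement fix concrete, here is an added example (not code from the original post) that builds a constructed in-memory SQLite table with one user and shows the concatenated query beside the parameterized one. The table layout, user name and password are assumptions for illustration; a real system would also store a password hash rather than the plaintext shown here.

```python
import sqlite3


def make_db():
    """Constructed sample database: one users table, one account (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('alice', 'correct horse')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: user input becomes part of the SQL.

    With password = "' OR 1=1--" the WHERE clause becomes
    username = 'alice' AND password = '' OR 1=1--'  and the trailing quote is
    commented out, so the condition is true for every row.
    """
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_prepared(conn, username, password):
    """Prepared statement: the same input is bound as data and never parsed as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for pw in ("correct horse", "wrong", "' OR 1=1--"):
        print(repr(pw), "vulnerable:", login_vulnerable(db, "alice", pw),
              "prepared:", login_prepared(db, "alice", pw))
```

The prepared version rejects the injected string because the placeholder binding treats it as a literal password value, which is exactly why the post recommends never accessing the database without prepared statements.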

Finally, you should regularly carry out secure code reviews against security standards.

Besides this, it is better to use standard libraries for critical areas such as encryption instead of re-inventing the wheel.



Posted by JM

Resourceful, solution-focused and intuitive reliability engineer with over 15 years of demonstrated success in architecting, developing and maintaining effective testing and monitoring solutions. Offers a wealth of knowledge and experience surrounding modern application architecture and development of best practices.
