Web Applications are compromised daily and now account for the majority of vulnerabilities on the Internet.
Web application weaknesses are a major way that cyber criminals, working with hacking techniques, can steal sensitive data. With this data, nefarious crooks can affect companies and individuals alike; there is little distinction between Fortune 500 Companies and an end user with a credit card. They often just follow the path of least resistance.
Online data theft is not a game. While some hackers will brag about having breached the security of a web application and gained access to sensitive data, the criminals have money, not bragging rights in their cross-hairs. Extortion is sometimes the name of the game. If data can be held at ransom by thieves, depending on how sensitive the data is, they can demand a huge sum of money.
The ways that companies and individuals are affected by web application attacks are numerous. Imagine this "what if" situation. A large Fortune 500 company is attacked by an orchestrated attack and the credit card numbers are taken and held at ransom by an organized crime group. Word gets out and the Fortune 500 company under goes a huge investigation and security audit. The clients and customers of the company lose trust in the security of the company and start taking their business elsewhere. The company then starts losing revenue and the customers begin to find that their credit cards are being charged illegally. The credit card companies are involved and are losing money as well. Nobody is immune to these web application attacks, whether its large company or one individual.
As programmers design web applications to be more accessible and easy to use, often these features are targets for crime groups to attack. Programmers must protect their applications by following secure coding practices to filter out any attacks and create a safe place for their clients customers to do business.
One of the major ways hackers breach a web application are through SQL injection attacks. SQL injection attacks can be used to access sensitive data or do any number of destructive things to the data stored in the web application's database. Cross-site scripting attacks are also prevalent. This attack occurs when malicious code is inserted and executed when a user loads an infected page. Denial of service attacks are also popular. This happens when the network hosting a web application is swamped with useless requests sent out by the criminals which creates so much traffic that the network or system crashes.
Itís a wild world out there...