Web application security

Web application security

Many people understand how important it is to have web application security both in the e-commerce . One of the primary concerns for organizations is attacks by appsec. However, there are many other very dangerous attacks, including cross site scripting, SQL injection and http verbse attack. Data loss is one of the most common issues following one of these attacks. However, data loss would be the least of an organization’s concerns considering attackers are generally also able to get access to the specific pieces of data they are looking for. An example of why web application security is so important is for when SQL injection allows an attacker to get access to credit card information or data relating to a person’s identity. This is often the type of information that hackers are after of course.

 

Example 1

In SQL:

select id, firstname, lastname from authors

If one provided:

Firstname: evil’ex

Lastname: Newman

the query string becomes:

select id, firstname, lastname from authors where forename = ‘evil’ex’ and surname =’newman’

which the database attempts to run as

Incorrect syntax near al’ as the database tried to execute evil. (continue reading…)