INFRA
INFRA
INFRA
Report finds web application attacks are still unduly high across cloud services
A new report from security firm tCell Inc. has found that web application attacks are still unduly high across Amazon Web Services Inc., Google Cloud and Microsoft Azure instances.
The Security Report for Web Applications Q2 2018 evaluated 316 million security incidents concluding that attacks against the application are growing in volume and sophistication. As a result, they continue to be a major threat to business.
Of the attacks, the research found that XSS, SQL injection, automated threats, file path traversals and command injection were now the most common types of security attacks. That’s a change from findings published in the Open Web Application Security Project Top 10 list of web application threats and security flaws.
The report noted that difference between the two findings is that tCell protects applications in-production that reside in the AWS, Azure and Google cloud environments, proving a “unique perspective on application security in production and the nature of the attacks themselves.”
Web application developers are doing themselves no favors in terms of implementing best practice with the report finding that 90 percent of active applications use libraries with a known Common Vulnerabilities and Exposures listing, with 30 percent more using a library with a critical CVE.
Patching was no better, with critical CVEs taking on average of 34 days to be patched, only four days faster than the average time to patch overall regardless of severity.
“Real-world web apps are under constant attack,” Michael Feiertag, chief executive officer of tCell, said in a statement. “For security operations teams, finding the successful attack amidst all the noise is like finding a needle in a haystack of needles. Improving visibility and reducing the resource strain that these attacks put on the system are the reasons why companies are deploying runtime application self-protection technology. It is imperative that secure coding practices become a critical part of the larger landscape in order to stop vulnerabilities at the source, but even more important is the ability to protect these applications once they have moved out of the testing environment and into production.”
Image: Maxpixel
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
