Press Release (ePRNews.com) - Apr 11, 2016 - Penta Security Systems, Inc. has released its bi-annual Web Application Threat Report from detection reports gathered and analyzed in the second half of 2015. Data is compiled from approximately 1,000 separate units of Penta Security’s Web Application Firewall (WAF), WAPPLES. The units are from customers who have consented to the threat report, and Penta Security does not release any sensitive customer data. Through this report, customers are able to gain insight on the newest trends in web application threats, and gain assistance in planning accordingly for future attacks.
In the second half of 2015, the threat report found that a significant portion of the attacks were Vulnerability Assessment attacks (roughly 400 million detections), with many labelled as “Critical” in terms of risk levels. Vulnerability Assessment refers to when attempts are made to determine the vulnerabilities of a web server.
“When infiltrators to the system succeed in their target, there could be a multitude of issues… Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”
For web attacks corresponding to OWASP (Open Web Application Security Project) Top 10 attacks, Injection was the most prevalent, at 31%. Injection, where malicious codes are inserted in order to attack applications, causes extensive damage despite the comparatively easy execution process. Second, a high detection was measured for Security Misconfiguration at 26%. Security Misconfiguration attacks are when security settings are re-defined and the system is compromised, giving hackers access to private data.
The report additionally includes the “WAPPLES Black List Top 30,” a list of source IPs from various countries and networks that have been categorized as spam or hacking with high danger levels.
Penta Security’s Head of Planning, Duk Soo Kim, stated, “When infiltrators to the system succeed in their target, there could be a multitude of issues as a result of attacks: information leakage, defacement, and even complete server malfunction.” He continued, “Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”
For the full copy of the threat trends report from the second half of 2015, please visit www.pentasecurity.com/en/web-attack-trends/