SQL Injection, Directory Traversals and CSRF attacks are also highly prevalent

Oct 23, 2012 12:36 GMT

FireHost, a company that specializes in secure cloud hosting, has released its web application attack report for the third quarter of 2012. The results are based on the 15 million cyberattacks blocked by the company in the US and Europe during this period.

The most prevalent types of attacks – the ones that posed the greatest threats – were SQL Injections, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and Directory Traversals.

Of these, XSS and CSRF were the most common, representing 64% of the aforementioned types of attacks. XSS occupies the top position with over 1 million attacks blocked in the third quarter, followed by CSRF with more than 840,000 attempts.

“Cross-site attacks are a severe threat to business operations, especially if servers aren’t properly prepared. It’s vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected,” said Chris Hinkley, senior security engineer at FireHost.

“Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers don’t fall victim to an attack of this nature. The consequences of which can be significant, in terms of both financial and reputational damage.”

The severity of XSS and CSRF attacks – both of which leverage the trust factor between a website and its users – depends a great deal on the type of information handled by the target.

The fact that these types of attacks are becoming more and more dangerous is reinforced by the patches released recently by Microsoft and Google.

Although the number of Directory Traversal and SQL Injection attacks has decreased in the past three months, experts warn that they still pose a great threat, especially now that the holiday season is approaching.