Software and web application development companies spend a fortune to ensure that their applications are protected against attacks from all kinds of threats. Here are the 6 different types of threat agents that can exploit any security issues in web applications.
General Non-Target Specific
These threats do not specifically target a particular web application. Viruses, Trojans and worms are usually designed to create as much havoc as possible, no matter which application they infect. If a web application is attacked by one of these threats, the chances that the application was specifically targeted are very remote.
Very often, the threat to web application security is not from the outside, but within the organization. Ask any security expert about internal threats and they will be able to recollect numerous incidents about rogue employees who worked from within to exploit the security weaknesses of a web application. Quite often, the internal threat is some member of the staff or a contractor on a personal vendetta against the company.
Use the word ‘mafia’ and the first thing that comes to mind is the image of Don Vito Corleone from The Godfather making an offer no one can refuse. The Internet mafia may not wear fine Italian suits, but they are very much real and eager to exploit loopholes in web application security. Cyber cops from police organizations around the world have been tracking a steady rise in the number of criminal organizations that specialize in launching attacks against applications.
In the history of rivalry between corporations, espionage and sabotage have always had a focal role to play. The same continues into the digital age. It is not unheard of for corporations to launch attacks targeting a rival corporation’s web application. The purpose of doing so is to either gain access to some sensitive information, including the source code for the application, or to sabotage a rival’s reputation by showing their application to be vulnerable.
Human error can often play a massive role in the security breach of a web application. Whenever an application developer detects a security issue, the first troubleshooting step is to always rule out human error. We all know that one colleague who writes down their passwords on a piece of paper and leaves them lying around in places where they can easily get lost or stolen. Even something like that can pose a serious hazard to web application security.
Yes, natural calamities like earthquakes, floods and fires can have an effect on web application security. All software depends upon some kind of hardware in order to operate. Natural calamities can cause serious harm to the hardware components, thus leaving the application vulnerable until the issue is resolved. Using the most advanced secure code review tools may help detect and fix flaws in the source code, but there isn’t much they can do against natural calamities.
Always remember the 6 categories of threats when designing web applications that can repel such attacks, or at least have some sort of contingency plan to deal with them.
Tom Rhoddings is an avid blogger and author of this guest post. He helps provide assistance in developing and securing various web applications.