For example, a recent version of WordPress – a platform that’s used to run thousands of websites – was discovered to contain a SQL injection vulnerability, which would allow attackers to insert and run code on a website at will. SQL injection attacks are a common way for hackers to infect websites – they’re easy to use, and such vulnerabilities are easy to find.
As easy as it is for hackers to employ SQL injection attacks, it’s also relatively easy for sites to guard against them. However, not every hacker is going to use such a basic technique. What advanced techniques are hackers starting to employ against web applications – and what makes cloud-hosted web applications so vulnerable in particular?
Taking Shared Responsibility For Granted?
With major cloud providers, clients and cloud hosts share responsibility for security. Since the host is providing the physical infrastructure – servers, switches, routers, and so on – they’re responsible for securing that hardware and the network that it comprises. Cloud customers are responsible for everything that sits on top of that hardware and that network – the data, the application holding the data, and the traffic running in and out of the cloud deployment.
One problem for cloud adopters is that business leaders may not understand the extent or the importance of the shared responsibility model. Many may think that since Amazon (or Microsoft, or Google, or IBM) provides some degree of cloud security, then that degree of security is sufficient to protect their entire implementation. This is evidenced by the fact that:
- The cloud makes it easy for people with no security experience to set up web applications, resulting in 175,000 misconfigured cloud applications in 2017 alone.
- Over 50% of mid-sized companies don’t have an updated risk-assessment strategy that would take cloud security into account.
Although many attackers spend their time going after relatively low-hanging fruit, more sophisticated enterprises can be vulnerable to more sophisticated attacks.
Open Application Access is a Vulnerability for Web Applications
Web applications are getting more complex, which means opening more channels for customer interaction – and more opportunities for hackers. Imagine a scenario where a healthcare company lets users upload a scanned insurance application, a bank accepts a scanned image of a check for a deposit, or a hiring company accepts a resume document. These are all avenues that both ordinary consumers and attackers take advantage of.
Hackers commonly use infected .docx files in their attacks, and malicious image files have become increasingly common. A tool known as Stegosploit lets attackers hack a user’s computer if they so much as click on an image. Other attackers are using infected images to take over websites and force them to install cryptocurrency mining software. As long as cloud customers fail to update the security of their web applications, these kinds of attacks will continue to proliferate.
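For the upload scenarios described above (a scanned image or a resume document), the following is an added example, not part of the original article or of any Safe-T product, of a server-side gate that checks an upload before the application stores it. The allowlist, size limits, and function names are assumptions chosen for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

# Assumed policy for this example: accepted extensions and their leading magic bytes.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # a .docx is a ZIP container
}
MAX_BYTES = 5 * 1024 * 1024       # assumed upload size limit
MAX_UNPACKED = 20 * 1024 * 1024   # assumed cap on declared decompressed size

def check_upload(filename, data):
    """Return (accepted, reason); anything not explicitly expected is rejected."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return False, "extension not on allowlist"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return check_docx(data) if ext == ".docx" else (True, "ok")

def check_docx(data):
    """Inspect the ZIP member list of a .docx without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return False, "not a valid ZIP container"
    names = [i.filename for i in infos]
    if "[Content_Types].xml" not in names or "word/document.xml" not in names:
        return False, "missing required docx parts"
    if sum(i.file_size for i in infos) > MAX_UNPACKED:
        return False, "declared unpacked size too large"
    # A macro project inside a file named .docx means the extension is misleading.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return False, "contains VBA macro project"
    return True, "ok"

def make_sample_docx(extra=()):
    """Build a constructed, minimal .docx-shaped ZIP in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("[Content_Types].xml", "word/document.xml", *extra):
            zf.writestr(name, b"<x/>")
    return buf.getvalue()
```

A structurally valid image passes these checks whatever its pixel data carries, so a gate like this complements content scanning rather than replacing it.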
Safe-T helps cloud customers prevent malicious file uploads and other attacks via Anonymous Application Access. This technology places an organization’s security tools inline with their web application, rapidly scanning files without opening a hole in their firewall. This greatly simplifies the process of launching new web applications in the cloud, and lets even relatively inexperienced users do so securely. For more information on how Safe-T can help secure your web application, contact us for a free demo today.