Web app exploits biggest hacking target in 2007

Remotely exploitable vulnerabilities will be the most widespread global threat vector this year due to the lack of effective security, according to an expert at global security vendor Secure Computing.

Paul Henry, vice president of technology evangelism at Secure Computing, believes traditional signature-based security technologies are obsolete and ineffective, and have failed to protect against the surge in web and application vulnerabilities.

According to Henry, the threat landscape has shifted from a network layer threat to an application layer threat where hackers’ primary aim is to remotely retrieve critical data.

“The defensive mechanisms that have been put in place in the last four to five years totally missed the application layer,” he said.

Companies today have evolved and are putting more of their internal processes on the public Internet. Unfortunately, they haven’t done a good job of securing them, according to Henry.

“We’re now seeing 500 new vulnerabilities reported every single month in applications and operating systems, while vendors provide an average of maybe 25 new signatures monthly,” he said.

According to Henry, recent 2006 reports indicate a 30-40 percent increase in vulnerabilities which, for the first time, were mostly in remotely exploitable web applications.

“Web-apps today are the threat vector. If it runs on layer 7 (application layer) it will be attacked, it’s as simple as that,” said Henry.

“If you look at IE6 or IE7, there are unpatched vulnerabilities, Microsoft is yet to patch them, and the bad guys are taking advantage of that on a daily basis,” said Henry.

Allan Bell, marketing director for APAC at security vendor McAfee, believes the time frame for producing signatures is shrinking but better methods do exist.

“Signatures are very important -- they allow you to analyse and identify the threat, but they tend to be reactive,” said Bell.

The most recent remote exploit attack, at the US-based Dolphin Stadium, occurred a few days before the colossal Super Bowl event. The attack only lasted a few hours but thousands of football fans were affected.