Skip to main content

Web hosting providers underestimate the security threat facing web applications

Despite the highly publicized attacks on websites worldwide, many web hosting customers remain unprotected against the newest forms of attacks as cyber crime tactics evolve, says Applicure, a web application firewall specialist which protects hosting companies and their customers from incoming web server attacks.

Hundreds of thousands of web site operators - many with little or no technical expertise - rely on web hosting providers to keep their websites and web applications safe.

Yet events such as the recent SQL injection attack that compromised more than 70,000 websites, and the 10,000 web sites serving up malicious code in December, show hackers are exploiting vulnerabilities in web applications with impunity.

The combination of traditional firewall technology becoming mainstream and enterprise networks improving their defenses has driven hackers to find more vulnerable targets.

Yaacov Sherban, CEO of Applicure, commented: 'Popular entry routes for attacks now focus on web applications including message boards, forums and registration forms, which puts websites of every kind right in the firing line.

With many web applications virtually unprotected, it's easy for hackers to deface or shut down the website, or else manipulate the applications to reveal sensitive data.

For web host providers all it takes is one customer website to be breached and the whole server, with thousands of hosting customers, can be wide open.'

The traditional approach to application vulnerabilities is to scan programs and patch the weaknesses.

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.