Internet Security

“In the race between the hacker and the user, the one who keeps ahead is the winner”



Hello and welcome to our website! Through a series of webpages linked to this site, we are here to inform you and hopefully protect you against three of the biggest and most dangerous threats in Internet Security today. To learn more about phishing, broken access control, or code injection, feel free to browse the corresponding webpages.

To learn more from the Expertise page, read recent news articles, or learn about emerging threats pertinent to these topics, click on the links to the left. Last but not least, there is a terminology page, so any time you do not know the meaning of a technical term, you will most probably find it there.

We hope that you enjoy this site and that the information presented will help prevent your computer from being a security risk. Thank you for visiting, and please feel free to contact us with any concerns, questions, or suggestions.

Introduction

Internet security threats have plagued commercial web applications for a long time. The threats analyzed include Phishing, Broken Access Control, and Malicious Code Injection. Countermeasures and mitigations for these threats are also suggested. A survey conducted by Gartner shows that 70% of internet attacks occur at the application layer. Hence, it is important to understand that the web application itself is used as the means of attacking the application. The mechanism of these attacks is to enter, in the fields of the application, data that is not genuine data but code or commands that execute on the server and cause undesirable effects. Secure Sockets Layer and firewalls do not work against such application attacks, since the attack strings are part of valid HTTP traffic.

Hackers use a variety of techniques to break into web applications. An application “break-in” means bad publicity as well as a loss of money and credibility for the owner of the application. Business is done on trust, and lost credibility is very difficult to recover. An application that is hosted on the web has to be robust enough to withstand attacks. It needs to be designed, developed and deployed with security in mind; security cannot be an afterthought. The cost of patching an application after deployment is much higher than the cost of building it with a focus on security. A secure mindset keeps anticipating the failures that can take place in every component of the system. Hence it is of paramount importance to understand these threats from both the perspective of the attacker (for early secure defense) and that of the user (for security incident response).