Web Application – When developing applications, developers usually direct their main efforts at providing the required functionality. At the same time, security and code quality are neglected. As a result, the overwhelming majority of web applications contain vulnerabilities of varying degrees of severity. The simplicity of the HTTP protocol allows the development of effective methods for automatically analyzing web applications and identifying vulnerabilities in them. This greatly simplifies the work of an attacker, enabling him to detect a large number of vulnerable websites and then carry out an attack on the most interesting of them. In addition, some types of vulnerabilities permit not only automatic identification but also automatic exploitation. This is how malicious code is injected into web resources en masse, and that code is then used to build botnets out of the workstations of ordinary Internet users.
The opportunity to use a web application as a platform for attacks on users' workstations in itself makes these applications an attractive target for an attacker. Thus, when preparing an attack on an information infrastructure, attackers investigate its web applications first.
Vulnerabilities
Underestimating the risk that vulnerabilities in web applications available from the Internet may represent is possibly the main reason for the low level of protection of the majority of them. OWASP (the non-profit Open Web Application Security Project), following its research, has presented a list of the ten most dangerous and, at the same time, most common vulnerabilities in software for the Internet and web services.
Thus, vulnerabilities in web applications continue to be one of the most common shortcomings of information security. The problem of web application security is compounded by the fact that, during development, issues related to protecting these systems from internal and external threats are often not taken into account, or insufficient attention is paid to them.
This, in turn, gives rise to a situation in which information security problems come to the attention of the system owner after the project has been completed. Fixing a vulnerability in an already built web application costs more than fixing it during development and implementation. Underestimating the severity of the risk that information security threats will be realized through web applications available from the Internet is probably the main factor in the current low state of security of most of them. Misuse of personal information can be costly for an individual. Nearly all users of web-based applications have been attacked and hacked successfully in one way or another. This can occur due to user ignorance or application weakness.