November 30, 2014


Gone are the times when operating systems such as Windows had tons of flaws. The OS manufacturers are getting better (even Microsoft). Yes, there are still server vulnerabilities and there always will be, but these days it’s not as easy for hackers as it was a few years ago, when they ran Metasploit with standard exploits and they were in.

So have hackers given up? No, far from it. They have discovered the web application layer. With hundreds and thousands of different web apps, flaws are unavoidable. The market demands new features and produces more and more web apps and SaaS applications, and many of their developers neglect security. Look at open source WordPress. So many businesses use it and help themselves to free plugins. Do you think those free plugins don’t have vulnerabilities? Of course they do, and more than ever before.

LFI, SQL injection, cookie hijacking and XSS are the new popular terms among hackers. APIs are present everywhere; they allow cross-platform logins and share data. Whilst a lot of developers at least try to implement security, others process input unchecked, which allows for remote code injection.

Yes, open source freeware and shareware are great, but before you deploy them on your website, please do consider the security risks! Open source typically has the source code open somewhere, and even an entry- or mid-level programmer can spot security flaws and exploit them.

The above is the reason why more than 70% of all technical attacks involve web applications these days.