in the usage of MasterCard cards by consumers. The dip in the usage of MasterCard credit and debit cards was due to the fact that CardSystems was one of the major processors of MasterCard credit and debit cards in the world, and the breach of cardholder information from CardSystems caused MasterCard customers to lose a great amount of faith in the brand.
3.3 Web Application Incidents
Earlier, we discussed how the Web, from a collection of static Web pages, evolved into a complex structure with several Web applications working on various platforms. Now let us explore the threats affecting this dimension.
We have already indicated that Web applications are the new focus of attacks the world over. As the Internet has become ubiquitous and as the number of people and organizations utilizing the Web has gone up, so have the threats to these applications. Attackers have started focusing on poorly developed Web applications and have exploited them, resulting in several millions of dollars in losses and loss of reputation and consumer confidence.
Attackers today are after valuable information like credit card numbers, Social Security numbers, and customer information. They are most likely to find this data by exploiting Web applications because these are the applications that are on the Web and are used by millions of people every day. The attackers stand to gain a great deal of valuable information by breaking into a banking Web application or a stock-trading Web application. They are likely to gain access to valuable financial information by breaking into e-commerce portals and other merchant portals. Identities can be stolen by breaking into social networking sites and other such sites. Hacktivists are the other breed of attackers to contend with. These individuals are not after money and identity information but pride themselves on their ability to bring down a Web site or deface it. Hacktivists also hack Web sites and Web applications to take an anti-incumbency stand against governments or other public bodies.
Let us now examine some incidents of security breaches, which have caused a great deal of loss of money, reputation, and legal hassles.
One of the early Web application attacks was the Distributed Denial of Service attack on Yahoo* in the year 2000. The Web servers of Yahoo were bombarded with requests from multiple sources, which brought down their Web site.
The Samy worm on MySpace was a classic example of an application attack, which really made people sit up and take notice of the fact that Web applications were the new targets after networks and operating systems. The reason why the Samy worm gained so much notoriety so quickly was that it was the work of a single user, who was able to perpetrate the attack with some client-side scripting skills. This attack demonstrated to the industry the impact of a Web application security incident. The attack played out like this: Samy was a user who wanted to expand his list of buddies on MySpace, which is why he created a self-propagating cross-site scripting attack that forced people to become his friend; at the end of 24 hours, Samy had amassed more than 1 million friends. This worm was the result of cross-site scripting vectors. Samy was able to bypass the input validations on MySpace and found a way to inject code into MySpace. MySpace filtered out the word javascript, which was necessary for code execution. Samy broke the word javascript into two and placed the code
* Yahoo Denial of Service Attack details—http://www.networkworld.com/news/2000/0209yahoo2.html.
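The Samy incident above turns on a filter that looked for one forbidden word. The following Python example is added here to illustrate the defensive lesson; it is not code from the book or from MySpace. It contrasts a keyword blocklist of the kind the passage describes with the mitigation that actually prevents injected markup: escaping the characters that have meaning in HTML at the point where untrusted text is rendered. The sample inputs are constructed for the example, and the function names (`blocklist_filter`, `encode_for_html`, `render_profile`) are the example's own.

```python
import html
import re

# Constructed sample inputs (not from the page): text a user might submit to a
# profile field that the site later renders inside an HTML page.
SAMPLES = [
    "plain text, no markup",
    "<b>bold</b> greeting",
    "java" + "\n" + "script",   # the forbidden keyword split in two, as the passage describes
]


def blocklist_filter(text: str) -> str:
    """The kind of filter the passage describes: remove the literal word
    'javascript' (case-insensitively) and pass everything else through untouched.
    Note that it never looks at '<', '>' or quote characters, which are what let
    user text become markup in the first place."""
    return re.sub(r"javascript", "", text, flags=re.IGNORECASE)


def encode_for_html(text: str) -> str:
    """Output encoding for an HTML text or attribute context: every character
    that could open a tag or close an attribute value becomes an entity, so the
    browser always treats the input as data, whatever words it contains."""
    return html.escape(text, quote=True)


def has_markup_chars(rendered: str) -> bool:
    """True if the string still contains a character able to open a tag or
    break out of a quoted attribute value."""
    return any(c in rendered for c in "<>\"'")


def mentions_script_token(text: str) -> bool:
    """Check for the keyword the way a tolerant parser would see it, with
    whitespace removed, so a word split across a line break is still found."""
    return "javascript" in re.sub(r"\s+", "", text.lower())


def render_profile(untrusted: str) -> str:
    """Render untrusted profile text inside a fixed template, encoding it for
    the HTML context it lands in."""
    return f'<div class="profile">{encode_for_html(untrusted)}</div>'


def compare(text: str) -> dict:
    """Show both approaches side by side for one input."""
    filtered = blocklist_filter(text)
    return {
        "blocklist_output": filtered,
        "blocklist_leaves_markup": has_markup_chars(filtered),
        "blocklist_misses_split_keyword": mentions_script_token(filtered),
        "encoded_output": encode_for_html(text),
        "encoded_leaves_markup": has_markup_chars(encode_for_html(text)),
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample))
        for key, value in compare(sample).items():
            print(f"  {key}: {value!r}")
```

The point the comparison makes is that the dangerous part of the input is not a particular word but the structural characters, so a blocklist of words is the wrong unit of defence: it leaves `<b>bold</b>` untouched and does not even notice the split keyword, while encoding neutralises every sample without needing to know which words are dangerous.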