Vulnerability on demand
Businesses are being warned that standard security measures like firewalls and intrusion detection will not be enough to protect against new web application level attacks, which can only be countered with website scanning tools and services.
IBM has said that as companies infuse more Web 2.0 content into their online and e-commerce websites, they are seeing an increased risk of new security vulnerabilities.
In response, it today announced an edition of Rational AppScan to deal with those emerging threats and the security scanning of Web 2.0-based applications. AppScan 7.8 tests for common web application vulnerabilities, but will also check rich, Flash-based Web content and run Web 2.0 exposure scans.
The Open Web Application Security Project, an organisation that focuses on improving the security of application software, has put together a list of the top ten web application security vulnerabilities. Top of the chart is the so-called cross-site scripting attack, followed by injection flaws and malicious file execution.
The IBM product announcement mirrors calls also being made today by Gamasec Ltd, which is recommending organisations assess their site vulnerability using scanning services as an early-warning system for web application security.
It cites Gartner Group, which reckons that 97% of the more than 300 web sites it audited were vulnerable to web application attack. It said 75% of the cyber attacks today are at the application level.
GamaScan is a web vulnerability-assessment service that tests web servers, web-interfaced systems and web-based applications. It crawls an entire website, analysing every file, and displays the status of the website structure against current vulnerabilities.
IBM has also introduced an OnDemand version of Rational AppScan, as a production server testing tool for organisations that make frequent changes to their web site. It said that by using the OnDemand service, “a company that updates its web site every 15 minutes can now automatically scan their online application four times per hour, helping to create a safer online experience for its customers.”