Why 'Take 1'?? Because I expect I will use this title a few more times. I recently spoke at the Government National Security Conference on the topic of why organisations that spend £millions - sometimes ten's of millions - on network security still regularly appear in the media over avoidable data theft attacks.
Interesting reading this morning from Phil Muncaster about a Chinese Cyber Crime Gang suspected of making over £30 million because they were able to hack applications and make changes to government databases. It is alarmingly simple to attack web-based applications when only
Learn more about the many attacks invisible to legacy network security (Firewalls) from OWASP - the Open Web Application Security Project:
- Top 10 Application Attacks - here
- Downloadable Virtual Machine, WebGoat that teaches you how to hack web applications
Application Security focuses on the communication within the encrypted connection between the consumer/customer and the Application itself. This is where most data theft attack attempts take place and, conversely, is often overlooked in favour of heavy spend on e.g. network firewalling.