SecureWorks Blocks Over 37 Million Web Application Attacks from Hackers and Expands Application Security Practice
Atlanta, January 17, 2007 - SecureWorks, the largest managed security services provider safeguarding 1,600 clients and more financial institutions than any other vendor, announced that it blocked over 37 million web application hacker attacks attempted against its banking, credit union and utility clients in 2006. The company also reported that its web application security assessment business has tripled since last year. SecureWorks has expanded its practice in order to combat web application attacks such as SQL Injection, Cookie Tampering, File Inclusion, Directory Traversal and an array of others.
“Beginning last spring, we saw a significant increase in the number of SQL Injection attacks being attempted against clients,” said Erik Petersen, VP of Professional Services for SecureWorks. “In April, they jumped from an average of 100 to 200 a day to anywhere from 1,000 to 8,000 per day and have remained at that high rate ever since. We also found that in 2006, 38% of all the targeted attacks, instances where hackers go after a specific institution, were against web applications. We found that a third of the targeted web application attacks were coming from overseas, primarily from China, Taiwan, Germany, South Korea and Poland.”
Defending one’s organization from web application attacks requires not only a comprehensive Intrusion Prevention System but also a thorough assessment of the organization’s application code. “When SecureWorks is hired to check the security of an organization’s web applications, we go in and audit their application code looking for any and all security flaws and then we advise the organization on how to fix them and how to prevent future flaws,” said Petersen. “With the pressure on businesses today to automate their processes, there are many web applications being developed too quickly. Consequently, many of them, especially custom applications, are fraught with security holes,” concluded Petersen.
“In the last year, SecureWorks has been brought in to do web application assessment work for many organizations that are not clients of SecureWorks’ Managed Security Services,” continued Petersen. “Unfortunately, many of these companies came to us after a compromise. The compromises aren’t all committed by traditional hackers; sometimes they are done by competitors or done inadvertently by visitors to an organization’s website.”
In one example, a company’s competitor was browsing the organization’s website and came upon its “place a shipment” web form. The competitor changed a few letters in the URL and suddenly could see everything that organization was shipping, for whom and to where. Another instance involved a magazine “subscriber questionnaire” web form. In that case, one change to the number in the URL exposed all of the personal information filled out by another subscriber, including salary, title, contact information, etc.
“These aren’t even the worst compromises,” said Petersen. “Unfortunately security holes, even in simple web applications, can potentially enable a hacker to gain access to an organization’s critical databases containing client social security numbers, account numbers, credit card numbers, email addresses, etc. One of the most publicized instances was the CardSystems security breach, where hackers stole 263,000 customer credit card numbers and exposed 40 million more using a SQL Injection attack,” continued Petersen.
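The two flaws behind the incidents described above, a record identifier in the URL that is trusted as an authorization decision and a lookup value spliced into SQL text, are the kind of “simple web application” holes the release refers to. The following added example (not SecureWorks code, nor code from any of the organizations mentioned) shows each flaw beside its fix, using a constructed in-memory SQLite table standing in for the “subscriber questionnaire” database; all names, ids and values are made up:

```python
import sqlite3

# Constructed sample data standing in for a "subscriber questionnaire" table.
# Every name, id, address and salary here is invented for this example.
SUBSCRIBERS = [
    (1001, "alice", "Alice Example", "Editor", "alice@example.invalid", 72000),
    (1002, "bob", "Bob Example", "Analyst", "bob@example.invalid", 65000),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE subscriber ("
        "id INTEGER PRIMARY KEY, owner TEXT, name TEXT, title TEXT, "
        "email TEXT, salary INTEGER)"
    )
    db.executemany("INSERT INTO subscriber VALUES (?, ?, ?, ?, ?, ?)", SUBSCRIBERS)
    return db


# --- Flaw 1: the record id in the URL is treated as the authorization decision ---

def questionnaire_vulnerable(db, requested_id):
    """Returns whichever record the URL names; any visitor can read any row."""
    return db.execute(
        "SELECT name, title, email, salary FROM subscriber WHERE id = ?",
        (requested_id,),
    ).fetchone()


def questionnaire_hardened(db, session_user, requested_id):
    """Fix: scope the lookup to the authenticated owner, so changing the id
    in the URL yields nothing instead of another subscriber's answers."""
    return db.execute(
        "SELECT name, title, email, salary FROM subscriber "
        "WHERE id = ? AND owner = ?",
        (requested_id, session_user),
    ).fetchone()


# --- Flaw 2: a user-supplied value is spliced into the SQL text (SQL Injection) ---

def lookup_by_email_vulnerable(db, email):
    """String formatting makes user input part of the query itself."""
    sql = f"SELECT id FROM subscriber WHERE email = '{email}'"
    return [r[0] for r in db.execute(sql).fetchall()]


def lookup_by_email_hardened(db, email):
    """Fix: a bound parameter is always data, never SQL, whatever it contains."""
    rows = db.execute("SELECT id FROM subscriber WHERE email = ?", (email,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # "bob" edits the id in his own questionnaire URL from 1002 to 1001.
    print(questionnaire_vulnerable(db, 1001))        # Alice's row, salary included
    print(questionnaire_hardened(db, "bob", 1001))   # None
    # A quote in the email field turns the WHERE clause into "match every row".
    tampered = "x' OR '1'='1"
    print(lookup_by_email_vulnerable(db, tampered))  # [1001, 1002]
    print(lookup_by_email_hardened(db, tampered))    # []
```

The ownership check in `questionnaire_hardened` belongs in the server-side query, not in the URL or the form: the identifier a browser sends is under the visitor's control, so the only reliable decision is whether the authenticated session is allowed to see the row the database actually returns. Likewise, the parameterized query is the fix for the second flaw regardless of what input validation precedes it.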
How to Prevent Web Application Security Holes
To avoid potential web application attacks, SecureWorks advises organizations to make sure that their web applications are secure before they are ever launched. It recommends the following processes:
- Secure Coding Techniques – Integrate documented procedures to address secure coding techniques within the software development lifecycle.
- QA Process for Security – Ensure that the QA Process includes security testing before the application goes live.
- SLAs Covering Security – If an application is being developed by a third party, make sure that the vendor is adhering to a Service Level Agreement (SLA) which also covers Secure Application Development, and that there is a contract which enforces the SLA.
- Outfitting Software Developers – Make sure that your software developers receive ample training and the tools needed to develop secure code.
- Checks and Balances – Have a third party validate the security of your web applications. The third party must be current on the latest exploits and emerging threats plaguing applications.
In addition to following these processes, it is important for organizations to protect their web applications, as well as the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside.
A Network Intrusion Prevention System and Host Intrusion Prevention System can offer many of these protections, especially if they are monitored by a 24x7x365 security team that can deploy countermeasures for the newest types of attacks as new variants are released.
SecureWorks has been successful in protecting its clients because it is constantly monitoring the attack landscape and developing countermeasures for any new attacks that might arise. In addition, it has successfully advised many of its clients in the processes of secure web application development.
About SecureWorks
With over 1,600 clients, SecureWorks has become the largest managed security services provider, safeguarding more organizations than any other vendor. SecureWorks provides the most effective security services by leveraging our integrated security management platform, advanced security research, and 100% GIAC certified experts. By providing a full breadth of security services, we can offer fully-managed, co-managed or self-service security solutions to meet the needs of Fortune 100 companies with large security teams as well as smaller companies with no security expertise. In addition, SecureWorks has helped companies pass over 2,400 compliance audits by providing comprehensive and straightforward board and examination reports. SecureWorks won SC Magazine’s 2006 MSSP of the Year and Best Intrusion Prevention awards, Frost & Sullivan’s 2006 Entrepreneurial Company of the Year award and was named to the Inc 500 and Deloitte & Touche lists of fastest-growing companies for the past two years.
###
Media Contacts
Elizabeth Clarke
SecureWorks
404.486.4492
eclarke@secureworks.com