IMPORTANCE OF SECURITY IN WEB PAGES
Nowadays the Internet is of vital importance to everyone, since many services reside and/or are offered online. Therefore, managing the risks that can affect these systems is a very important aspect to take into consideration. Without going into technical details, we can summarize that risk is calculated using an arithmetic formula based on the probability and the impact of a vulnerability and the value of the affected asset. A vulnerability can be considered a weakness present in our system which could be exploited by an attacker to compromise it. In Web pages we can find different vulnerabilities such as SQL injection, Cross Site Scripting (XSS), local file inclusion (LFI) and remote file inclusion (RFI), Server Side Includes (SSI) injection, etc. On the Internet it is possible to find various statistics on the distribution of vulnerabilities in Web pages. In them it can be seen that SQL injection and XSS are still the most frequent vulnerabilities. There are different risk management methodologies, such as MAGERIT, CRAMM and OCTAVE.
Example of information security
To consider a real case close to us, we can analyze the results obtained by Security Guardian, a company specializing in information security that collaborates with Andromeda Computer in advising on infrastructure protection and security. Across the tests carried out, at least one vulnerability was detected in more than 90% of them, and at least one critical vulnerability in more than 75%. Of the critical vulnerabilities detected, approximately 23% were SQL injections and 12% Cross Site Scripting (XSS).
Vulnerabilities can be found at different levels, starting with the logical level, so the overall level of security achieved is only as high as the weakest level present. To study the security of an environment, it is necessary to analyze not only the final product but the entire system: the business model as a whole, the architecture, the hosting platform and the different parties that take part in developing and delivering the service.
Some of the possible entry points for a potential attacker are the vulnerabilities present in the Web application and service. We have not yet explained why someone would go to so much trouble. Normally the motivation is to obtain some benefit of whatever kind: economic, reputational, etc. Defacement of web pages, theft of information and denial of service are the most frequent objectives. If the motivation is to obtain some benefit, the possible attacker could be the beneficiary; therefore a potential attacker is not only an anonymous hacker, it can also be someone very close to us, for example a disgruntled employee, a former employee or even a competitor.
Increasingly frequent security attacks
In general, attacks are becoming more frequent. It is possible to find news items that highlight a 44% increase in cyber attacks, or others that describe how Symantec reports an 81% increase in malicious attacks. If we want an approximate number of defacements, we can see that Zone-h has reported almost 8.5 million pages defaced in 2018.
Considering factors such as the importance of Web pages in our businesses and even in our society, the increase in the number of attacks carried out, and the sophistication of the automated tools used to carry them out (which require less and less technical knowledge and allow more and more complex attacks), it is essential to take care of the security of our Web pages in a continuous and exhaustive way. In addition, we must consider that the impact of security problems can be disastrous, since they produce economic losses, loss of image, denial of service (not being able to provide the service), loss of information, etc. Among the impacts mentioned above, the loss of image is perhaps the worst, since it can seriously damage the reputation of the company and can easily lead a company to bankruptcy.
Finally, in order to guarantee the security of our web pages, it is necessary to analyze in depth all the elements involved in the business chain. One has to think, for example, of security at the logical level, the physical level (access control, firewall systems, ...) and the perimeter level (firewalls, IDS, IPS, ...); program securely; configure services and applications correctly; ensure the confidentiality, availability and integrity of the information; fully isolate the data; and perform continuous security monitoring. In addition, regulations must be correctly complied with (LOPD, SSI, ...), and it can help both security and the business to comply with the corresponding standards (e.g. ISO). It is therefore advisable to seek ongoing advice, as well as to have a stable and reliable provider that can offer years of experience in the same sector.
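To make "program securely" concrete for the two vulnerabilities the article names as the most frequent (SQL injection and XSS), here is an added example; it is not code from the original article, nor from Andromeda Computer or Security Guardian. It uses only the Python standard library: an in-memory SQLite database with constructed sample rows stands in for a site's user store, and the function and column names are illustrative assumptions. Each lookup and render function is shown in a vulnerable form next to its hardened form, so the difference in behaviour on the same input can be checked directly.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for a user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_unsafe(conn, name):
    """SQL injection: the user-supplied value is spliced into the SQL text,
    so it can alter the statement's structure (e.g. widen the WHERE clause)."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the value is handed to the driver separately and
    is only ever treated as data, never as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_unsafe(name):
    """Reflected XSS: user input is placed into HTML verbatim, so any markup
    it contains is interpreted by the browser."""
    return "<p>Hello " + name + "</p>"


def render_safe(name):
    """Output encoding: the five HTML-significant characters are escaped, so
    the input is displayed as text rather than parsed as markup."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


def compare(name):
    """Run the same input through both variants and report row counts and
    rendered output, so the effect of each hardening step is visible."""
    conn = make_db()
    return {
        "rows_unsafe": len(lookup_unsafe(conn, name)),
        "rows_safe": len(lookup_safe(conn, name)),
        "html_unsafe": render_unsafe(name),
        "html_safe": render_safe(name),
    }


if __name__ == "__main__":
    # A benign name behaves identically in both variants.
    print(compare("alice"))
    # A value containing a quote changes the unsafe query's logic (it now
    # matches every row) but is simply "no such user" for the safe one.
    print(compare("x' OR '1'='1"))
    # Markup in the input is neutralised only by the escaping renderer.
    print(compare("<script>x()</script>"))
```

The practical rule the example illustrates is that the fix for both vulnerabilities is the same idea applied at different boundaries: keep data separate from code. For SQL that means bound parameters rather than string building; for HTML it means encoding on output for the context in which the value is inserted.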
The security of our clients' web pages and their protection against possible hacker attacks is very important to Andromeda Computer. For this reason we provide robust, highly protected hosting platforms, and we have a team dedicated exclusively to vulnerability assessment and analysis.
Don't have a plan for your business yet?
Don't worry, we can help you!