Web applications are the biggest security blindspot out there, according to a new analysis of real-world threats.

Compiled over a six-month period by Fortify Software using data from customers of its Application Defense system, the report notes the lack of data on Web application issues when compared with established attacks such as “viruses, network-based attacks, public vulnerability announcements and spam/phishing schemes.”

At the head of the list of application threats uncovered by Fortify are automated “bots storms,” which on average accounted for 50 percent to 70 percent of the attacks on Web applications found by the study. These are able to trawl randomly for known and unknown vulnerabilities without the need for human intervention, hence their growing popularity.

Bots, of course, are a nightmare to stop because they direct attacks from thousands or even millions of PCs located across the globe in multiple domains.

The phenomenon of “Google hacking” accounted for a further 20 percent of attacks, whereby hackers can glean vulnerability data on specific websites by analyzing Google’s search results using software tools.

Recorded at lower but still significant levels were even more dangerous forms of attacks such as cross-site scripting, SQL injection and standard buffer overflow compromises based on holes in specific applications.

“It’s critical that businesses understand the risk exposure of their applications and take the necessary steps to avoid dangerous security attacks,” said Fortify’s Brian Chess.
“There is a wealth of research covering viruses, network-based attacks, public vulnerability announcements, spam and phishing schemes, but very little focusing on Web-enabled applications that sit beyond the reach of firewalls and traditional network security.”

Some operating systems—the report fingers a variant of FreeBSD—aid the anonymity of the Internet, allowing proxying to be conducted without the need for extensive expertise. This means that criminals can hide their activities using proxies and encryption, even when carrying out hacks manually.

This renders some of the country origination data for Web application attacks pretty useless. The United States comes out in the number-one spot in Fortify’s analysis, with China in second place and Poland in third. But if criminals are using anonymizing tools, the bulk of attacks could be coming from just about anywhere and everywhere.

-John E. Dunn, Techworld.com (London)