Web applications are the biggest security blind spot out there, according to a new analysis of real-world threats.

Compiled over a six-month period by Fortify Software using data from customers of its Application Defense system, the report notes the lack of data on Web application issues when compared with established attacks such as "viruses, network-based attacks, public vulnerability announcements and spam/phishing schemes."

At the head of the list of application threats uncovered by Fortify are automated "bots storms," which on average accounted for 50 percent to 70 percent of the attacks on Web applications found by the study. These are able to trawl randomly for known and unknown vulnerabilities without the need for human intervention, hence their growing popularity.

Bots, of course, are a nightmare to stop because they direct attacks from thousands or even millions of PCs located across the globe in multiple domains. The phenomenon of "Google hacking," whereby hackers can glean vulnerability data on specific websites by analyzing Google's search results using software tools, accounted for a further 20 percent of attacks.

Recorded at lower but still significant levels were even more dangerous forms of attacks such as cross-site scripting, SQL injection and standard buffer overflow compromises based on holes in specific applications.

"It's critical that businesses understand the risk exposure of their applications and take the necessary steps to avoid dangerous security attacks," said Fortify's Brian Chess. "There is a wealth of research covering viruses, network-based attacks, public vulnerability announcements, spam and phishing schemes, but very little focusing on Web-enabled applications that sit beyond the reach of firewalls and traditional network security."

Some operating systems—the report fingers a variant of FreeBSD—aid the anonymity of the Internet, allowing proxying to be conducted without the need for extensive expertise. This means that criminals can hide their activities using proxies and encryption, even when carrying out hacks manually.

This renders some of the country origination data for Web application attacks pretty useless. The United States comes out in the number-one spot in Fortify's analysis, with China in second place and Poland in third. But if criminals are using anonymizing tools, the bulk of attacks could be coming from just about anywhere and everywhere.

-John E. Dunn, Techworld.com (London)