Anatomy of a Web application attack
The most common tasks a hacker performs are:
Remote System Scan
The hacker runs various port and service scans to detect which ports and services are open and therefore exposed to attack.
Information Collection
After the scan is complete, the hacker tries to determine what software you are using and how the site is structured. They will scan your applications and Internet-facing servers to identify their versions.
Testing of a web application
The hacker performs security tests, attempting to exploit the dynamic functions of the application and looking for common programming errors that could expose the application to a threat.
Planning the attack
Acting as a “normal” user of the web application, the hacker is indistinguishable from other users. They can therefore stay undetected and use the information gathered to deploy the selected attacks.
Launching the attack
Once all relevant information has been collected and vulnerabilities detected, the hacker launches an attack using all means available to compromise your system. They try to remain undetected, so that responding to the problem is extremely difficult.
How to secure your web application?
Your web application is vulnerable to attack, and therefore you must be able to detect holes in both the standard and the proprietary web software you use. If your IT staff is not qualified to perform security audits, you should contract a specialised IT security company to evaluate all applications on your Internet-connected systems.
A typical security audit process involves evaluating device configuration and software configuration, as well as examining each line of the application source code for existing security holes that could affect overall system integrity.
You must get the right information, at the right time, about security vulnerabilities in your systems.
The company that performs the security test of your web application has to deliver a detailed report of the weaknesses found and an action plan to remedy them. The report will inform you of the vulnerabilities in the web application and the suggested solutions.
Security audit companies not only suggest solutions but also implement them, for example by removing security holes from the source code and securing the software infrastructure.