Web applications by nature are not static. Content is continually being altered on a very frequent basis in order to keep up with the demand of new features and functionality. Even the simplest of changes could produce a vulnerability that may pose a major threat to corporate assets and confidential information, such as customers’ identity, if and when a Web application attack is launched. The list of Web application attacks used today is growing. From SQL Injection to Google hacking, organizations are learning the hard way of the ramifications from a Web application attack. This new generation of attacks has only begun and organizations are already behind in protecting their most precious assets.
Traditionally, many people viewed application-level exploits as a much harder and more targeted attack on their Web site. This was true a couple of years ago, but with the advent of using the power of search engines for malicious attack, hackers can now identify and exploit vulnerable applications with extreme ease. Now the threat of attack no longer requires your company to be focused target. Exploitation is as easy as turning up in a search result.
The Dawn of the Worm
Another form of attack becoming popular at the Web application-layer is the worm. Worms have traditionally been widely successful at the network layer of an organization’s infrastructure, targeting networks both personal and corporate. Worms focused on the network layer take advantage of existing network vulnerabilities such as a buffer overflows and un-patched systems. The network worm infects a vulnerable system then uses that system to identify other vulnerable targets to infect and propagate itself from one server to another. Traditional forms of Internet security have progressed, such as intrusion detection and protection systems (IDS and IPS), to help in discovering this popular form of malicious attack before any damage is incurred. Web application worms, however, are targeting the layer of organizations that is the least secure and are not protected by these traditional forms of Internet security. These nasty forms of attack utilize known exploits, apply worm methodology and then leverage the power of search engines to find vulnerable Web applications to accelerate effectiveness.
Worm Methodologies and Challenges
One of the keys to a successful worm is the ability to identify the next victim. Many worms apply different tactics in order to do this type of search and seizure. Traditionally these tactics have been patterns such as randomly picking IP addresses, or picking up an IP range of a victim and incrementally scanning that range. Some worms even take advantage of the data on the server. They grab e-mail or HTML documents on the infected host and scan thru these in order to find more potential targets to infect. The ability to find the next target is an art and the methods of doing so are amazingly clever.