Call for Web standards overhaul

By Alex Kayle, Senior portals journalist
Johannesburg, 26 Mar 2010

The attack patterns of tomorrow are based on inherent weaknesses in the underlying Web standards. The was never designed to deliver applications online.

This is the view of Saumil Shah, CEO and founder of NetSquare Solutions, who will speak at the ITWeb Summit from 11 to 13 May at the Sandton Convention Centre.

Shah points out: “The Web was designed to deliver research papers among scientists studying nuclear particles, who were buried in a large ring under three countries in Europe.

“Over the years, we have bolted on patches and hacks to make the Web deliver applications, such as online , travel reservations, social networks, stuff we cannot now do without. Due to its design, certain insecurities have always plagued Web applications.”

Shah points out that neither HTTP nor HTML has really adhered to standards, and believes those standards that have been revised have ignored the security aspect. He explains that the security industry tends to adopt a knee-jerk reaction to attacks, and that a popular solution to addressing a weakness is to simply deploy a patch.

“It is high time that browser architecture and HTTP are overhauled to some extent, if we want to live in a world of secure Web applications, and more importantly, secure Web application users.

“Browsers, PDF readers and Microsoft Office applications are vulnerable to cyber attacks and are yet the most popular applications,” says Shah, explaining that browser attacks have become more sophisticated.

“A few years ago, SQL injection was used to harvest massive amounts of data from Web sites' databases. While this still happens today, SQL injection is now largely used to inject malicious JavaScript code into the contents of Web sites.”

Attacks have shifted from predominantly targeting a particular organisation to attacking individual users. Shah explains that the number of enterprise attacks has been overshadowed by the sheer volume of attacks targeting individuals.
