Title
Not Logged In [Login Now]

Threat Landscape

Threats

Threats Shortlist

Hackers

Hackers are shifting their focus to websites and web-application vulnerabilities as the number of Operating System flaws begins to dwindle. Furthermore, web-application attack tools are getting better. XSS assistant, GreaseMonkey, Tamper Data and other extensions can turn a FireFox into a very capable attack toolkit. Additionaly, web-exploit tool-kits such as Mpack and icepack allow attackers to easily turn a legitimate website into a attack platform.

Web Worms

Worm authors have found ways to use web-application vulnerabilities to propagate malicious software. For example, the Fujacks and Pardona worms append malicious iframes to web pages hosted on compromised servers; the malicious iframes spread malware to visitors of the website.

Malicious or Misguided Users and Employees

Websites now contain more user or employee generated content than ever before. User and employee content can contain inappropriate and damaging content such as offensive language, information leaks and even exploits.

Misconfiguration / Design Flaw

Websites are becoming increasingly complex as they adopt XML-RPC, SOAP, AJAX and other web 2.0 technologies. The added complexity increases that chance that a design flaw exists that may inadvertantly leak sensitive information or leave confidential information exposed.