Chapter 1. Introduction

Web application security protects your enterprise applications—the critical applications that drive your business forward—from constant, complex, and sophisticated threats. Most of these applications live on the network edge, where they are internet-facing and where attackers are increasingly focused on gaining access to your downstream data. It’s paramount that you focus on mitigating these threats to reduce or neutralize their impact and maintain fast, reliable access to applications and services for your customers.

Web application security is much more than an IT problem. It can become a significant business problem if not handled aggressively. Attacks on web applications can circumvent your security and harm your business in myriad ways by creating unwanted downtime, reducing availability and responsiveness, and shattering trust with your customers when data confidentiality and integrity are compromised. Customers have little patience for slow or unavailable web applications, and if you fail to mitigate these risks, they’re likely to take their business elsewhere.

The sophistication of recent web application attacks has grown rapidly and significantly, and this trend is expected to continue. Attackers use increasingly complex methods to access, extract, or steal critical data that lives on the network or cloud edge. In fact, according to a 2018 survey from Synscourt and Vision Solutions on the new IT landscape, 37% of IT professionals stated that their chief security challenge is the increasing sophistication of attacks. These attacks can severely cripple compute-intensive edge applications. The rise of rogue mobile applications and infected Internet of Things (IoT) devices turned into malicious bots is exponentially increasing the risks organizations face. Making matters worse, security teams are often too overwhelmed to promptly patch known vulnerabilities or take normal security precautions, which severely increases the risks they face daily.

Whatever the attack scenario, poorly secured web applications make fertile ground for attackers interested in gaining access to your systems or getting deeper into your data. In fact, it’s often a faster, more efficient approach for attackers to use these vectors than compromising internal computers and attacking servers in the datacenter from within. To protect your business from web application security threats, you must be aware of the types and sources of attacks facing modern web applications, understand the threats they pose to your business model, and execute a modern web application security strategy.

This report covers the threats to modern web applications with a special emphasis on a growing risk that represents arguably the most pervasive and significant threat facing web applications today: the massive increase in malicious bots. It also provides you insights on the continuous stream of newly discovered application vulnerabilities, the growth of machine-to-machine communication via application programming interfaces, the upsurge in distributed denial-of-service attacks, and highly sophisticated, server-based malware. The report will help you better understand malicious bots and other threats and the risks they pose, so you can plan and implement effective web application security.