
Release of first F5 annual Application Protection Report outlines key risks and defences


JOHANNESBURG, December 12, 2018 – A recently released report by F5 Networks has shed light on the frequency and nature of web application attacks. The first annual Application Protection Report from F5 surveyed 3,135 IT and security practitioners across the globe, while additional research conducted by Whatcom Community College (University of Washington Tacoma), along with data from WhiteHat Security and Loryka, served to make this one of the most comprehensive application protection reports available today.
This is according to a recent F5 article from Ray Pompon, a principal threat research evangelist with F5 Labs, who is also the author of the Application Protection Report.


Pompon explains that in the report: ‘…we provide a practical model for understanding the complexities of web applications; we look at the cold, hard facts about how, why, where, and how frequently apps are attacked; and we suggest concrete steps that security professionals can take today to protect their applications’.
Simon McCullough, major channel account manager at F5 in South Africa, says, “When apps are attacked, there are many different potential impacts, including denial of service, breach of confidential or sensitive information such as trade secrets and intellectual property, and the loss of potentially identifiable information for both customers and employees.


“Significant application breach risks, as outlined in the report, include payment card theft via web injection, website hacking, and app database hacking. The report is a mine of useful and practical information setting out the key risks regarding application attacks, and advice on how to protect this critically important IT layer, which is so key in today’s business environment.”
According to the report, the most significant new application risks include the following:

  • Injection attacks against app services: These allow an attacker to insert commands or new code directly into a running application (also known as tampering with an app) and are rated as the number one risk to applications on the OWASP Top 10 2017 list.
  • Account access hacking: This includes credentials stolen via compromised e-mails, access control misconfiguration, brute force attacks to crack passwords, credential stuffing from stolen passwords, and social engineering theft.
  • Deserialisation attacks against app services: Serialisation occurs when an app converts its data into a format for transport, and deserialisation is the process of converting that data back again. This method was used to breach credit reporting company Equifax in 2017 (the Apache Struts deserialisation injection) and steal the identities of 148 million Americans and 15.2 million UK citizens last year.
  • Attacks against transport layer protection: Organisations need to ensure that all applications are running acceptable levels of encryption and have proper third-party signed certificates in place.
  • Denial-of-service attacks against any component of the app: Such attacks are pervasive across all levels of the application tier, so it’s critical that every organisation has a response strategy.
  • Scripting attacks against clients to hijack access: These attacks generally involve a client app encountering malicious scripting code planted by an attacker somewhere on a website, with the result that user credentials are stolen or access is hijacked, or else the client unknowingly runs unauthorised commands on a website.
  • Malware attacks against app clients: This occurs when clients are attacked directly with malware that hijacks the browser to intercept the application authentication credentials. The advent of the European Union’s General Data Protection Regulation (GDPR) is likely to impose stricter protection of the client device. Malware that targets financial logins is quite common for both browser and mobile clients.

Anton Jacobsz, managing director at Networks Unlimited, a value-added distributor of F5 in Africa, concludes, “The report outlines that four key steps to take to protect your application security are: understand your environment; reduce your attack surface; prioritise your defences based on risk; and select flexible and integrated defence tools. The release of this report is a pivotal moment, pooling information from highly credible sources and giving IT professionals critically important knowledge of the current web application threats and what we can do to protect against them.”
To find out more, please contact Esti Bosch, F5 product manager at Networks Unlimited: esti.bosch@nu.co.za.


About F5
F5 makes apps operate faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organisations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com.


About Networks Unlimited
Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, NETSCOUT Arbor, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales, Tintri and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, Wi-Fi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.


Since its formation in 1994, Networks Unlimited has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.

Contacts

icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za




 

 
