Sans Institute advises on internet risks
Security training group Sans Institute warns of major potential problems from web-based threats
Data breaches through web application vulnerabilities remain a major threat to firms, according to the latest report from IT security training organisation Sans Institute.
Attacks now number 400,000 to 500,000 in one day, many targeted at web hosting providers, according to report editor Rohit Dhamankar of intrusion-prevention specialist TippingPoint.
"Often people are in a hurry to create a custom app that has a lot of functionality, because PHP is a good tool, but it will be riddled with problems," he explained, citing the rise in popularity of web scripting languages such as PHP and Perl. "A lot of the attacks are zero-day, although they don't get the same publicity as those on Microsoft products, and at the web apps' back-end is often stored [sensitive] data."
Dhamankar said firms should consider creating hardened environments for running these applications, and developers could take steps to engineer in greater security from the start.
The report also highlighted rapid growth in attacks, specifically zero-day attacks, on Microsoft applications that have hitherto been thought of as reliable, such as PowerPoint, Word and Excel.