New Online Threats for the New Year

What's on SPI Labs' list of top Web application security threats it expects this year?

by Lafe Low

The SPI Labs division of SPI Dynamics recently published a report on what it expects to be the top Web application security threats for this year. The list includes (in no particular order of prevalence or severity of threat):

  • Rapid application development: Sufficient security testing is often sacrificed during a compressed development cycle, leading to oversights and other vulnerabilities.


  • File formats: It's not the file itself that's vulnerable, but rather the application interpreting the file. These types of vulnerabilities are a popular target for phishing attacks.


  • Bridges: In a bridge attack, hackers take advantage of the trust between two sites and gain an additional layer to hide behind.


  • Printers and routers: Any hardware that runs a Web application server, including printers and routers, is often targeted because it is less suspect.


  • Web 2.0: While Web 2.0 may result in easier-to-use Web applications, those complex apps also carry a greater security risk.


  • Client-side attacks: Client-side vulnerabilities in Web browsers can leave you open to phishing attacks and potential identity theft.


  • Web application worms: Web-based worms are a relatively easy way to launch widespread attacks.

It's a new year—another 365 days for digital deviants to conjure up new and interesting ways to break in where they shouldn't. Stay on your guard. That should be your New Year’s resolution.

- - -

Lafe Low is the executive editor of Redmond magazine. You can contact Lafe at llow@redmondmag.com