Trends and Findings
Over the last few years, we have identified a number of common features and trends in system security, malicious attacks, and general web application testing. Of these, a number of the security testing issues are of some interest and can be addressed over time through a targeted approach.
In the last 18 months we have performed incident response and incident management for a relatively significant number of large clients. Through this, it is apparent that approximately 50% of the compromises that have taken place have done so through application level attacks. In general terms, the root causes of the attacks were:
1. Vendor provided software (including both off the shelf and custom) having a number of insecurities and software vulnerabilities which the customer was unaware of
2. A single misconfiguration resulting in a full compromise indicating a lack of a defence in depth strategy and implementation
Other points we have observed are that:
Server and Operating System level attacks are tending to plateau, with larger companies significantly worse than smaller companies in managing both vulnerabilities and insecurities.
There were relatively few