Web Application Threat Trends: Penta Security Systems Releases Bi-Annual Report

Threat Report 2015-2

Second half of 2015 sees sharp increases in hacking attempts targeting website vulnerabilities

Seoul, Korea: Penta Security Systems Inc. has released its bi-annual Web Application Threat Report. Data is collected from detection reports gathered and analyzed in the second half of 2015. It is compiled from approximately 1000 separate units of Penta Security’s Web Application Firewall (WAF), WAPPLES. The units are from customers who have consented to the threat report. Penta Security does not release any sensitive customer data. Through this report, customers are able to gain insight on the newest trends in web application threats, and gain assistance in planning accordingly for future attacks.

Web Application Threat Trends:

In the second half of 2015, the threat report found that a significant portion of the attacks were Vulnerability Assessment attacks (roughly 400 million detections). Many were labelled as “Critical” in terms of risk levels. Vulnerability Assessment refers to when attempts are made to determine the vulnerabilities of a web server.

For web attacks corresponding to OWASP (Open Web Application Security Project) Top 10 attacks, Injection was the most prevalent, at 31%. Injection, where malicious codes are inserted in order to attack applications, causes extensive damage despite the comparatively easy execution process. Second, a high detection was measured for Security Misconfiguration at 26%. Security Misconfiguration attacks are when security settings are re-defined and the system is compromised. This can give hackers access to private data.

The report additionally includes the “WAPPLES Black List Top 30,” a list of source IPs from various countries and networks that have been categorized as spam or hacking with high danger levels.

Penta Security’s Head of Planning, Duk Soo Kim, stated:

“When infiltrators to the system succeed in their target, there could be a multitude of issues as a result of attacks: information leakage, defacement, and even complete server malfunction. Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”

For the full copy of the web application threat trends report from the second half of 2015, please visit the Reports section of the Penta Security Systems website.


About Penta Security:

Penta Security Systems Inc. (CEO/Founder Seokwoo Lee) is a leading provider in data and cyber security solutions and services. With over 19 years of IT security expertise, Penta Security is recognized by Frost & Sullivan as the top Web Application Firewall vendor in the APAC region based on market share. For more information on Penta Security Web security services, please visit www.pentasecurity.com. For potential partnership inquiries, please send an email to info@pentasecurity.com