Despite the rise of emerging technologies like cloud and mobile - and the continued advancement of social engineering and phishing - attacks on web applications remain a primary method for stealing sensitive data, especially in industries like finance, retail and health care. In fact, Trustwave uncovered more than 24,000 vulnerabilities in web applications in 2015 through its on-demand security scanning and testing service.
From cross-site scripting to SQL injection to exploitable vulnerabilities residing in popular CMS platforms like WordPress, attacks targeting web applications still serve as the basis for massive data breaches. Why do web apps continue to pose such a problem and what can organizations do to mitigate the threat? In the video above, we asked two SpiderLabs research managers at Trustwave for advice on shoring up an age-old target.