To bypass the protection of corporate networks and gain access to the local IT infrastructure of organizations, attackers need an average of four days, and a minimum of 30 minutes. About it research conducted by Positive Technologies specialists.
A security assessment of the network perimeter of enterprises conducted by Positive Technologies showed that 93% of companies can access resources on the local network, and even a low-skilled hacker can penetrate the internal infrastructure in 71% of organizations. At the same time, in 77% of cases, penetration vectors were associated with deficiencies in the protection of web applications. The remaining methods of penetration consisted mainly in the selection of credentials for access to various services on the network perimeter, including DBMS and remote access services.
A study by Positive Technologies notes that the bottleneck of web applications is vulnerabilities that occur both in proprietary software products and in solutions from well-known manufacturers. In particular, vulnerable software was found in the IT infrastructure of 53% of companies. βIt is necessary to regularly analyze the security of web applications. The most effective verification method is source code analysis, which allows you to find the largest number of errors. For proactive protection of web applications, it is recommended to use an application layer firewall (Web Application Firewall, WAF), which allows you to prevent the exploitation of existing vulnerabilities, even if they have not yet been discovered, βthe researchers say.
The full version of the Positive Technologies analytical study can be found at .
Source: 3dnews.ru