Internet Security Insider Melih Abdulhayoglu reminds us that web servers are, after all, computers, which can and do become infected with malware. Unfortunately, infected web servers are highly efficient malware distribution points.
According to the most recent IBM X-Force report, there has been a large increase in Web application attacks that recruit infected PCs into botnets. Also, SQL injection attacks – instances where criminals inject malicious code into legitimate Web sites – rose 50 percent from Q4 2008 to Q1 2009 and nearly doubled from Q1 to Q2.
Criminal hackers are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.
Abdulhayoglu advocates extending default deny technology, a whitelisting approach to computer protection that puts prevention rather than detection as a first line of defense, to the web server arena.