Wordfence analysts reported that around 20 million attacks targeted over 900,000 WordPress sites on May 3, 2020. Most of the attacks were attempting Cross Site Scripting (XSS), aimed at vulnerabilities in older and less popular WordPress plugins.
From a security point of view it’s interesting that the WordPress attack primarily targeted XSS vulnerabilities. XSS is #7 on the OWASP Top 10 Application Security risks, so you’d think it is a vulnerability class we have under control and can protect applications against, even when new XSS attacks appear. But a study done by Mozilla showed that 93% of websites had no protection from XSS attacks.
One of the unique characteristics of XSS attacks is that they involve vulnerabilities on both the client and server side. Unfortunately, traditional perimeter security tools like WAFs (Web Application Firewalls) require a lot of tuning to make them effective at protecting applications, and companies don’t typically have the security resources required to do an adequate job.
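To make the server-side half of that point concrete, here is an added example (not code from the original post or from K2) showing the difference between a template that interpolates untrusted input straight into HTML and one that escapes it for the context it lands in. The comment-rendering functions, the crude `contains_active_markup` check and the sample inputs are all constructed for this illustration.

```python
import html


def render_comment_unsafe(author: str, body: str) -> str:
    """Vulnerable pattern: user-controlled text is interpolated directly
    into markup, so any tags in the input become part of the page."""
    return f'<div class="comment" data-author="{author}">{body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """Hardened pattern: every untrusted value is escaped before it is
    placed in the document. html.escape(quote=True) turns < > & " ' into
    entities, which is correct for HTML text nodes and quoted attributes.
    (A value landing inside a <script> block or a URL would need a
    different, context-specific encoder; that case is not shown here.)"""
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    return f'<div class="comment" data-author="{safe_author}">{safe_body}</div>'


def contains_active_markup(rendered: str) -> bool:
    """Crude demonstration check, not a real detector: does the rendered
    fragment still contain a live script tag or inline event handler?"""
    lowered = rendered.lower()
    return "<script" in lowered or "onerror=" in lowered or "onload=" in lowered


if __name__ == "__main__":
    # Constructed sample input: the textbook XSS probe string as a comment body,
    # plus an author name containing a double quote, which would otherwise
    # terminate the data-author attribute early.
    body = "<script>alert(1)</script>"
    author = 'O"Brien'
    print("unsafe:", render_comment_unsafe(author, body))
    print("safe:  ", render_comment_safe(author, body))
```

Running the block prints both renderings; the unsafe one carries a live `<script>` element into the page, while the escaped one renders the same input as inert text. Escaping at output time is what a WAF is trying to approximate from the outside, which is why it needs so much tuning: the application already knows which context each value is written into.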
So, what can you do to make yourself safe from attacks?
Wordfence analysts recommended keeping your site’s plugins and themes up to date with the latest releases (which carry patches for known vulnerabilities). While that helps protect against known vulnerabilities, it doesn’t protect organizations from true zero-day vulnerabilities and attacks. Organizations need to take application security seriously, starting with protection for well-known problems like the OWASP Top 10 and protection against zero-day attacks. We have to stop the problem when an attack first starts, not after we find that the website or application has been compromised.
K2’s runtime deterministic application security platform monitors the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to identify a zero-day attack. Deterministic security results in the detection of sophisticated zero-day attacks and also protects the application from the risks listed in the OWASP Top Ten.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy-to-use, easy-to-deploy solution. K2’s unique deterministic security detects new attacks without relying on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry, including the code module and line number under attack, while at the same time integrating with leading firewalls to do real-time attacker blocking.
Change how you protect your applications.
Find out more about K2 today by requesting a demo, or get your free trial.