AWS is now the world’s largest hosting company of web sites thanks in part to the scalability and performance they can provide modern web applications. Users of AWS can rely on the infrastructure security provided; however, AWS’s shared security responsibility model requires organizations to provide security for what they put in the cloud. This means that security of web sites is in the hands of cloud users. Many organizations feel that the network or data center security they have in place will protect their web sites from attack. However, web apps vulnerabilities can be easily exploited at the application layer, and these attacks are difficult or impossible to detect or prevent with traditional server security controls.
A poorly-secured web app can provide a direct route to sensitive data, internal networks, or databases. Earlier this year, a simple SQL injection attack enabled a Russian cybergang to steal over 1.2 billion user credentials from web sites around the globe. And it only takes a small change in a web application to open a serious vulnerability like SQL injection or cross site scripting.
Web apps in the cloud
So, is it possible to sleep easy at night when you put a favorite target of hackers in the cloud? Although there’s no silver bullet for web app security, with a combination of regular vulnerability scanning and fast mitigation of identified issues, you can ensure your site is not an easy target.
Find out the top three ways you can improve web app security and how to simplify vulnerability scanning in AWS in a joint AWS & Trend Micro webinar, Dec. 9 at 1 p.m. ET.
Learn more about Deep Security for Web Apps at webappsecurity.trendmicro.com.