Websites are now the number one target of choice for attacks by hackers. Their attacks have moved from the well-defended network layer to the more accessible Web application layer that people use every day to manage their lives and transact business. The sites where consumers shop, bank, manage their healthcare, pay insurance, book travel and apply to college are now under a near-constant barrage of attacks intent upon stealing their credit card numbers and other personal / private information.

The 2010 Verizon Data Breach Investigation Report confirms that the majority of breaches and almost (95%) of the data stolen in 2009 was perpetrated by remote organized criminal groups hacking “servers and applications.” When companies lack adequate protection and security for their websites the results are clear: Theft of data, malware infection, loss of consumer confidence, and failure to meet regulatory requirements. Certainly, no company today can afford the reputation that its websites are open to hackers. And with many states, the federal government, and the payment card industry mandating full disclosure, it is unrealistic and extremely risky to merely hope that a hacker will attack someone else’s website.

How can companies prevent attacks on their websites? The first step is to understand the fundamentals of Web security. This white paper will examine 10 vital website security issues that affect software developers and information security professionals. Understanding these issues will enable companies to understand the seriousness of the current security problems, and then to establish methods for managing vulnerabilities and developing an overall strategy for website risk security.

Overall, readers can consider the 10 issues presented here as a first step in the exploration of website security that can successfully prevent organizations and their customers from becoming victims of malicious hacking.