Chapter 2. Threats Targeting Your Web Applications

There are numerous security threats to modern web applications, including malicious bots, distributed denial-of-service (DDoS) attacks, malware, and application vulnerabilities, as well as application programming interface (API) and mobile application risks. In this section, we focus on how these threats work and how they could affect your business.

Malicious Bots

Malicious bots are rogue devices that pose a growing risk to modern web applications. The flexibility, increasing sophistication, and power of malicious bots make them formidable threats to your application security. Malicious bots can perform account takeovers, account creations, credit card fraud, DDoS attacks, and more. Malicious bots can exploit application vulnerabilities as well as attack via APIs and mobile applications. Moreover, malicious bots are responsible for launching the world’s largest DDoS attacks on record as well as spreading malware and exploit kits. All of these activities can affect performance, availability, and ultimately your bottom line.

Malicious bots are increasingly being used to infiltrate enterprise web applications at the network or cloud edge. This is likely the most significant threat to your web applications. As a result, we cover this topic in more detail in Chapter 3, where you’ll learn how malicious bots work, how they circumvent your security posture, and, more importantly, how they can affect ...
