Conclusion

Today it is becoming very difficult to protect organizations and end-users against the mix of attacks and infections on web sites. People rely too much on search engines and popular web sites for day-to-day surfing, but visiting these sites has become very dangerous.

Hackers are now targeting high-profile sites with many visitors in order to infect as many PCs as possible. This allows them to create botnets, but also to steal personal information, credit cards, e-banking credentials, and much more.

Traditional network security controls such as firewalls, anti-virus and intrusion detection fail to protect against these emerging threats.

The only possibility is to protect both sides of the web:

  1. The visitor of the web site, by securing his web traffic
  2. The web server, by making it resilient enough against automated attacks and OWASP Top 10 vulnerabilities

At the time of writing this whitepaper, Websense released their Websense Security Labs report, "State of Internet Security, Q1-Q2 2009": http://www.websense.com/downloadthreatreport

Some important figures that confirm our findings:

- 233% growth in the number of malicious sites in the last six months and a 671% growth during the last year.
- 77% of Web sites with malicious code are legitimate sites that have been compromised.
- 95% of comments to blogs, chat rooms and message boards are spam or malicious.
- 57% of data-stealing attacks are conducted over the Web.
- 85.6% of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.