The internet has enabled the deployment of complex web applications that organizations employ to offer location transparent services. Customers of organizations that employ web applications benefit from the convenience of accessing needed services without leaving their homes or offices.
However, deploying complex web applications has also provided opportunities for malicious hackers to create havoc. Hackers can cause severe damage to both the infrastructure and goodwill of the target organizations by exploiting web applications. For example, hackers have been known to exploit web applications to steal user information, including credit card data, bank account information, retirement plan data, and the like. Furthermore, as the number of web applications increase the threat posed by hackers will increase.
In response to hackers, organizations employ a variety of methods, systems, and protocols, in an attempt the limit the damage that hackers can do to their applications. Much of this effort has been oriented towards preventing external attackers from breaking into the web application and its parent computer system. However, attacks from “insiders” are also very common. These “insiders” are persons with malicious intentions who have genuine accounts which give them access to target web applications. Similarly, once an “outside” hacker breaks into a web application the hacker often takes on the appearance of a bona-fide customer. “Insider” attacks can be difficult for organizations to defend against because aggressive internal security procedures may alienate valuable customers.