Companies running web servers who are looking to make sure their sites are protected against the threat of cybercrime need to make sure all their software is up to date, as this has been identified as one of the key risks facing the web.
With so much to think about when it comes to deploying and then maintaining a website, it may be understandable that patching software applications and upgrading solutions falls down the list of priorities. After all, as long as a site is up and running and working effectively, this could be the main thing developers focus on.
However, what this may mean is that good patching practices get neglected and it may be only when high-profile updates are in the news - such as Oracle's recent patch to fix a serious exploit discovered in Java - that spurs companies into action to check their own security.
Web servers 'key source of risk'
One expert to stress the importance of having the right software recently was HD Moore, chief information security officer at Rapid7 and founder of the Metasploit framework. He told the RSA 2013 conference about a scan he performed on the IPv4 web space that found many security flaws are based on outdated software.
Esecurity Planet reported he found old versions of software such as Microsoft IIS and Apache HTTPD were common, all of which could be at risk from publicly-known vulnerabilities that have been removed in newer versions of the software.
Backbone of the net
Having the most up-to-date tools on these systems is essential, as Mr Moore stated: "Web servers make the internet go around." Therefore, not being on the ball when it comes to maintaining these solutions has the potential to be hugely costly to firms as they could leave themselves exposed to significant risk.
Even though many developers' primary concerns may be on zero-day vulnerabilities, which dominates media hype and much security research, the fact that revealed exploits can be discovered anywhere and then used against slow to react companies is a serious problem that needs to be addressed.
