Why your Web apps are sitting ducks
Despite improvements in code quality, Web servers remain at high risk of being hacked, according to a new paper from researchers who use honeypot technologies to examine how hackers tick.
The Honeynet Project, which provides real systems for unwitting attackers to interact with, says Web applications remain vulnerable for host of reasons. These include poor-quality code, the fact that attacks can be performed using PHP and shell scripts (which is generally easier than using buffer-overflow exploits), and the emergence of search engines as hacking tools.
[ Read more ]