Comment: Web sites insecure as ever
Most, if not all, of corporate web sites are fundamentally insecure. And this insecurity can allow attackers to access databases, delete or change information, and cause absolute chaos with very little effort or technical know how.
The problem is with web applications. Back in the good old days when companies used the internet for nothing more than hosting an elaborate electronic brochure, there was no threat. The IT guys would have little to do with the process, with the marketing department taking responsibility for outsourcing most of the work to third-party web developers.
Well things have changed. The level of interaction through corporate sites is overwhelming, and web applications allow this interaction to take place - whether it be shopping carts, authentication services or money transfers.
[ Read more ]