Bulletproof

Tuesday, 28 May 2002, 10:38 AM EST

Think about this: If organizations are employing a "defense-in-depth" approach to Web security, why are their Web servers still getting hacked? Most e-businesses place their Web servers inside a DMZ, a firewalled buffer zone between the untrusted Internet and trusted private network. Companies may even harden the Web server and monitor inbound packets with a network-based IDS. And yet, their Web site still gets defaced. What gives?

The answer is simple: Attackers don't target the strong points of the network; they go straight for the weakest link, which in many architectures is the Web app itself. Beyond the ever-present threat of Web defacements, unchecked vulnerabilities in Web servers such as Microsoft's IIS, Netscape's iPlanet and the open-source Apache are often exploited as a means of gaining access to higher-value assets inside the private network.

[ Read more ]




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //