Bug Watch: Developers at fault

Friday, 28 June 2002, 1:11 AM EST

In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and system software used to host or use the web application.

Many developers fail to understand the nuances of the HTTP protocol and assume that it is too difficult, or not worth the trouble, for an attacker to assault their custom application. Developers must assume that every packet of data not coming from the organisation's hosts and servers can be modified.

Infrequently, 'security aware' sites manage to correctly implement input validation rules for client data. Unfortunately, all client-side checking and data validation processes can be bypassed by an attacker using commonly available tools and methodologies.

[ Read more ]




Spotlight

Unpatched, vulnerable PDF readers leave users open to attack

Unpatched, vulnerable PDF readers are a big security issue for private PC users. 14% of PC users in the US have an unpatched operating system, and that Oracle Java yet again tops the list of applications exposing PCs to security risks.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, May 1st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //