Web application security vulnerabilities and strategies
Posted on 26 October 2011.
The use of web applications has soared recently, due to the significant value they can add to enterprises by providing innovative ways to interact with customers. However, so have the dangers.

Along with the benefits of these capabilities come security vulnerabilities that create dangerous risk and exposure. ISACA issued a new, free white paper which outlines the causes of web application vulnerabilities, examines the associated risk and impacts, and provides advice to mitigate risk. The guidance applies to all types of software development activities.

New web applications are client-server based and platform independent, require less computing power, and can be seamlessly integrated with online resources and services. Their use can result in time and cost reduction of processes, increased customer satisfaction, and increased revenue.

However, web application vulnerabilities open the door to the exploitation of sensitive corporate information, disruption of service and theft of intellectual property. Some common vulnerabilities identified in the white paper include:
  • SQL injection
  • Cross-site scripting
  • Insecure direct object reference
  • Information leakage
  • Insufficient anti-automation.
Marc Vael, Director of the Knowledge Board and Chairman of the Cloud Computing Task Force at ISACA said: “Organizations are performing more and more high-value or highly confidential transactions through the internet thanks to the insight in the many new opportunities and benefits. But in many cases we notice that executive management is not (made) fully aware of the real security risks.”

Vael continued: “On the contrary, managers tend to push hard to go ahead and launch the web solution(s), even when these are not properly tested. Thus a lot of assumptions and a false sense of trust reigns in many organizations on the security of their web applications, until it is too late.”

The free white paper is available here (registration required).





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //