Security Flaws in Web Applications

By eWEEK Labs  |  Posted 2008-05-14


Security Flaws Lurking in Your Web Applications

Many companies have become very serious about making sure that all the applications they use are regularly and fully patched against bugs and security holes, and that they aren't running older applications that are susceptible to known problems. That is a good practice, but it doesn't address the entire application security profile.

That's because a number of other company applications, often very sensitive and very exposed, are typically ignored in patching and update policies.

These are the hodgepodge of Web applications and services that make up the external Web profile of many businesses today. Often these applications are little more than a few PHP scripts or some simple AJAX (Asynchronous JavaScript and XML).

These applications are often the most at risk of being compromised by external hackers who know the simple scripting hacks and the known (although perhaps unknown to you) holes in old versions of applications.

Companies should have a full listing of all Web-facing applications and scripts that reside on their networks. For full products like open-source blogging and wiki systems, you must make sure that you are running the most up-to-date versions of the applications, and of the software components on which these applications depend. For custom applications, keep track of any potential problems that may come up in the underlying scripting technology.

This does mean regular tracking of security services like CERT and the main sites of these technologies, but since these applications are often the public face of your company, it is definitely time well spent. --JR
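
A listing of Web-facing scripts is only useful if it matches what is actually deployed. The following is an added example, not part of the original article: it builds an inventory of scripts under a web root and reports scripts that are unlisted, changed or missing relative to a reviewed baseline. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions treated as web-facing code (an assumption; extend per stack).
SCRIPT_EXTS = {".php", ".js", ".cgi", ".pl", ".py", ".asp", ".aspx", ".jsp"}

def inventory(webroot):
    """Map each script's path (relative to webroot) to its SHA-256 digest."""
    found = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            found[os.path.relpath(full, webroot).replace(os.sep, "/")] = digest
    return found

def compare(baseline, current):
    """Return (unlisted, changed, missing) script paths relative to the baseline."""
    unlisted = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return unlisted, changed, missing

def demo():
    """Build a constructed web root, record a baseline, then let it drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("blog/index.php", "<?php // blog v1 ?>")
        write("js/form.js", "// contact form helper")
        write("img/logo.png", "not a script")            # ignored: not code
        baseline = inventory(root)                        # the reviewed listing
        write("blog/index.php", "<?php // blog v2 ?>")    # upgraded or altered
        write("old/upload.php", "<?php // forgotten ?>")  # never listed
        os.remove(os.path.join(root, "js/form.js"))
        return baseline, compare(baseline, inventory(root))

if __name__ == "__main__":
    baseline, (unlisted, changed, missing) = demo()
    print("baseline:", sorted(baseline))
    print("unlisted:", unlisted, "changed:", changed, "missing:", missing)
```

Unlisted paths are the scripts that patching and update policies are most likely to have missed; changed paths should correspond to a recorded upgrade.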

