OpenHack 4 Finale: Are Web Apps Safe?
It's a wrap for OpenHack 4; now to focus on the lessons learned about securing Web apps.

What do hackers in Beijing, Sao Paulo, Madrid and Kuala Lumpur have in common? They were among the hackers who launched more than 50,000 attacks against our OpenHack 4 Web site. And, except for two relatively minor penetrations, all of those attacks failed. As the version number suggests, this was our fourth interactive security evaluation, in which we deployed an enterprise-level IT application on the Web and invited the world to hack in. In the previous versions, we focused on firewalls, intrusion detection systems and trusted operating systems. This time, our West Coast technical director, Tim Dyck, decided to focus on Web application security. These evaluations are big undertakings for us, as is evident from our special wrap-up report. The tests require close cooperation and confidence among our Labs analysts, vendors and hosting providers.
Each time we've engaged in an OpenHack event, we've come away with a sense of wonder at the industriousness of the hackers, as well as admiration for the vendors willing to put the security of their products to an open test available for all to see. We like to think these tests play at least a minor role in advancing the security of the Web. We know that until the Web can be seen as a truly safe place to conduct business, the promise of the Web will never be fulfilled. Read Tim's article to find the lessons we have learned this time around, and be sure to read Jeremy Poteet's accompanying article to find out how he was able to penetrate one area of the OpenHack 4 Web site.