OpenHack 4 Finale: Are Web Apps Safe?

By Eric Lundquist  |  Posted 2002-12-02

It's a wrap for OpenHack 4; now to focus on the lessons learned on securing Web apps.

What do hackers in Beijing, Sao Paulo, Madrid and Kuala Lumpur have in common? They were among the hackers who launched more than 50,000 attacks against our OpenHack 4 Web site. And, except for two relatively minor penetrations, all those attacks failed.

As the version number suggests, this was our fourth interactive security evaluation in which we deployed an enterprise-level IT application on the Web and invited the world to hack in. In the previous versions, we focused on firewalls, intrusion detection systems and trusted operating systems. This time, our West Coast technical director, Tim Dyck, decided to focus on Web application security. These evaluations are big undertakings for us, as is evident from our special wrap-up report. The tests require close cooperation and confidence among our Labs analysts, vendors and hosting providers.

Each time we've engaged in an OpenHack event, we've come away with a sense of wonder at the industriousness of the hackers, as well as an admiration for the vendors willing to put the security of their products in an open test available for all to see. We like to think these tests play at least a minor role in advancing the security of the Web. We know that until the Web can be seen as a truly safe place to conduct business, the promise of the Web will never be fulfilled. Read Tim's article to find the lessons we have learned this time around, and be sure to read Jeremy Poteet's accompanying article to find out how he was able to penetrate one area of the OpenHack 4 Web site.

While you're in the eWeek Labs section, look at Jim Rapoza's review of Metaserver 4.0. One of the hottest IT topics is business process integration. While the concept of tying together disparate business systems is compelling, how you accomplish that is an evolving technology. See Jim's review, for, as he states, Metaserver is a product that "provides the closest thing to a GUI-driven, out-of-the-box experience BPI will probably ever see."

And will we ever see the computer vendors willing to offer boxes based on AMD's chips as well as Intel's? In an exclusive interview with Hector de Ruiz, the AMD CEO tells eWeek Executive Editor of News Mike Zimmerman that the pricing and compatibility equation of AMD chips will be the force to break Intel's hold on box builders. See "AMD Places Chips on 64" for the view from the top of AMD on how the company intends to take on the Intel giant.

Since 1996, Eric Lundquist has been Editor in Chief of eWEEK, which includes domestic, international and online editions. As eWEEK's EIC, Lundquist oversees a staff of nearly 40 editors, reporters and Labs analysts covering product, services and companies in the high-technology community. He is a frequent speaker at industry gatherings and user events and sits on numerous advisory boards. Eric writes the popular weekly column, 'Up Front,' and he is a confidant of eWEEK's Spencer F. Katt gossip columnist.
