OpenHack 4 Finale: Are Web Apps Safe?

It's a wrap for OpenHack 4; now to focus on the lessons learned on securing Web apps.

What do hackers in Beijing, Sao Paulo, Madrid and Kuala Lumpur have in common? They were among the hackers who launched more than 50,000 attacks against our OpenHack 4 Web site. And, except for two relatively minor penetrations, all those attacks failed.

As the version number suggests, this was our fourth interactive security evaluation in which we deployed an enterprise-level IT application on the Web and invited the world to hack in. In the previous versions, we focused on firewalls, intrusion detection systems and trusted operating systems. This time, our West Coast technical director, Tim Dyck, decided to focus on Web application security. These evaluations are big undertakings for us, as is evident from our special wrap-up report. The tests require close cooperation and confidence among our Labs analysts, vendors and hosting providers.

Each time we've engaged in an OpenHack event, we've come away with a sense of wonder at the industriousness of the hackers, as well as an admiration for the vendors willing to put the security of their products in an open test available for all to see. We like to think these tests play at least a minor role in advancing the security of the Web. We know that until the Web can be seen as a truly safe place to conduct business, the promise of the Web will never be fulfilled. Read Tim's article to find the lessons we have learned this time around, and be sure to read Jeremy Poteet's accompanying article to find out how he was able to penetrate one area of the OpenHack 4 Web site.

While you're in the eWeek Labs section, look at Jim Rapoza's review of Metaserver 4.0. One of the hottest IT topics is business process integration. While the concept of tying together disparate business systems is compelling, how you accomplish that is an evolving technology. See Jim's review, for, as he states, Metaserver is a product that "provides the closest thing to a GUI-driven, out-of-the-box experience BPI will probably ever see."

And will we ever see the computer vendors willing to offer boxes based on AMD's chips as well as Intel's? In an exclusive interview with Hector de Ruiz, the AMD CEO tells eWeek Executive Editor of News Mike Zimmerman that the pricing and compatibility equation of AMD chips will be the force to break Intel's hold on box builders. See "AMD Places Chips on 64" for the view from the top of AMD on how the company intends to take on the Intel giant.