Register a free account

ne nw
Crawlability Inc. Files for SEO Technology Patent
se sw

Go Back   Forum Index > Internet > Security Alerts and vulnerabilities
Reload this Page Web Applications - Next Generation Security Threats
The Software Store
Register Members List Social Groups Calendar Search Today's Posts Mark Forums Read FAQ

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 12-07-2006, 11:11 AM
Symantec's Avatar
Symantec Symantec is offline
Senior Member
  
Join Date: Oct 2006
Posts: 300
Web Applications - Next Generation Security Threats
Web Applications - Next Generation Security Threats
<p>"A browser" – that’s all we were led to believe the next generation would need to create office applications or engineering applications. Now, the focus on security has begun to divert in that direction. Statistics from the first half of 2006 showed that 69 percent of exploitable vulnerabilities were from Web applications. Web application vulnerabilities usually get mixed up with server vulnerabilities, although the two are distinctly different. Web developers who design Web sites are not usually security gurus. The developers will often leave behind various security holes in the Web application because of bad coding practices and a lack of security reviews.</p>

<p>On one hand, there are many security experts around the world who fuzz Web servers with variations in order find another zero-day. The end result is that the gap between popular Web servers and exploitable vulnerabilities within them is increasing. It has been a long time since we have seen a completely exploitable security breach for a default/patched installation of IIS. It doesn't mean that there won't be such vulnerabilities in future. There will be, but the frequency has been greatly reduced, for now.</p>

<p>However, on the other hand, how many of us concentrate on fuzzing a Web application? The server running the application would essentially be the same, but the Web application running on top of it could be anything. Ajax, as a technology, seems to be taking the Internet in a new direction. It is now a fact that browsers on our mobile phones are capable of showing us movies, writing office documents, creating applications, or anything that previously only an operating system could perform. In other words, browsers could take over operating systems. Unfortunately, this new technology could also lead to new types of threats that are focused on browsers and Web applications. Or, is it safe to say that the focus has already started to divert?</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/12/web_applications_next_generati.html
http://www.symantec.com/enterprise/security_response/weblog/2006/12/web_applications_next_generati.html
Thu, 07 Dec 2006 07:00:00 -0800
Reply With Quote
Sponsored Links

Reply

Bookmarks

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 12:57 AM.

Contact Us - CyberAnswers - Archive - Privacy Statement - Top

234x60
Bulletin Board Custom Version by Mobo
Copyright © 2004-2007 Cyberanswers.org All rights reserved