Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Web Applications - Next Generation Security Threats
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 01-03-2007, 11:07 AM
Symantec's Avatar
Symantec Symantec is offline
Senior Member
  
Join Date: Oct 2006
Posts: 295
Web Applications - Next Generation Security Threats
Web Applications - Next Generation Security Threats
<p>"A browser" – that’s all we were led to believe the next generation would need to create office applications or engineering applications. Now, the focus on security has begun to divert in that direction. Statistics from the first half of 2006 showed that 69 percent of exploitable vulnerabilities were from Web applications. Web application vulnerabilities usually get mixed up with server vulnerabilities, although the two are distinctly different. Web developers who design Web sites are not usually security gurus. The developers will often leave behind various security holes in the Web application because of bad coding practices and a lack of security reviews.</p>

<p>On one hand, there are many security experts around the world who fuzz Web servers with variations in order find another zero-day. The end result is that the gap between popular Web servers and exploitable vulnerabilities within them is increasing. It has been a long time since we have seen a completely exploitable security breach for a default/patched installation of IIS. It doesn't mean that there won't be such vulnerabilities in future. There will be, but the frequency has been greatly reduced, for now.</p>

<p>However, on the other hand, how many of us concentrate on fuzzing a Web application? The server running the application would essentially be the same, but the Web application running on top of it could be anything. Ajax, as a technology, seems to be taking the Internet in a new direction. It is now a fact that browsers on our mobile phones are capable of showing us movies, writing office documents, creating applications, or anything that previously only an operating system could perform. In other words, browsers could take over operating systems. Unfortunately, this new technology could also lead to new types of threats that are focused on browsers and Web applications. Or, is it safe to say that the focus has already started to divert?</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/12/web_applications_next_generati.html
http://www.symantec.com/enterprise/security_response/weblog/2006/12/web_applications_next_generati.html
Thu, 07 Dec 2006 07:00:00 -0800
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump



    All times are GMT -5. The time now is 10:13 AM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2