03 March 2007

Why your Web apps are sitting ducks

"Despite improvements in code quality, Web servers remain at high risk of being hacked, according to a new paper from researchers who use honeypot technologies to examine how hackers tick.

The Honeynet Project, which provides real systems for unwitting attackers to interact with, says Web applications remain vulnerable for host of reasons. These include poor quality code, the fact that attacks can be performed using PHP and shell scripts (which is generally easier than using buffer overflow exploits), and the emergence of search engines as hacking tools.

What's more, Web servers can be a gold mine for hackers, in that they have higher bandwidth connections than most desktops and often link to an organization's databases. The group's findings are outlined in a paper titled "Know Your Enemy: Web Application Threats." Researchers involved in honeynet projects in Chicago, Germany and New Zealand collaborated on the paper."

Click on the link below for the full article:


No comments: