This is a cached copy of http://ravichar.blogharbor.com/blog/_archives/2007/3/16/2811326.html.
Website Security
2007-03-16 17:59:11 by RaviC in Musings on Information Security
 

Recently I attended a Website Security breakfast event organized by WhiteHat. Security expert Bill Pennington talked about the lifecycle of a vulnerability. Another security expert, Jeremiah Grossman, shared some interesting stats about vulnerabilities in web applications. The event was packed with a lot of takeaways, and I also met several interesting security professionals.

Here are some salient features about website (or web application) security:

1. The Web was not inherently designed to be secure from the ground up.

2. Platforms are insecure (OS, database, applications).

3. Web programming languages are immature.

4. Protection mechanisms are non-existent by default.

5. Browsers are riddled with security holes.

6. Web programmers and users make mistakes.

7. Web applications change frequently, i.e. they have shorter release cycles.

8. Business logic vulnerabilities are hard to detect.

 

 
 
 
 
 
 