Saturday, October 01, 2005
java.net: Handling Java Web Application Input, Part 1
Inadequate data validation is the most common cause of security exploits suffered by web applications today. A staggering fact is the high number of applications exploited through weak validation. This is due to the simplicity of such an attack. No longer do attackers have to spend vast amounts of time researching ways to circumvent the security infrastructure of an application. An attacker can use freely available tools to scan for vulnerable websites. Using these findings, an attacker can use a web browser to ghost straight through firewall rule sets on port 80, altering the intended behavior of an application. This is true never more so than today. There are a multitude of technologies and frameworks available. Engineers are under increasing pressure to complete work on time, and hence place a heavy reliance on such tools. However, such technology may not adequately deal with user input to meet all cases, and as a result may introduce unintentional security vulnerabilities. Therefore, it is of paramount importance that secure coding practices are in place to close any possible doorway that permits such nefarious attacks to take place
Subscribe to:
Post Comments (Atom)
Popular Posts
- Linux Forum: Apache, Webmin and Mandrake - Linux Operating System Help
- Yahoo! Mail: Revenge of the Oddpost
- Free AS400 & iSeries Software Tools & Utilities Downloads
- Fast-track your Web apps with Ruby on Rails
- The Laughing Boardroom video...a real world example!
- Basic Requirements of a JavaServer Faces Application
- UDATE and *DATE in AS400 RPG
- IBM eServer iSeries - The Laughing Boardroom
- Creating an as400 Query
- AS400 APIs
No comments:
Post a Comment