Magazine article Security Management

All Applications Are Not Created Equal. (Tech Talk)


Article excerpt

Many e-business applications are rife with basic design flaws that render them--and the networks they sit on--wide open to attack, according to a report by security consultant @stake. "The Security of Applications: Not All Are Created Equal" provides details on the state of security for 45 e-business applications including commercial packages from leading software companies, middleware platforms, and end-user e-commerce applications. The 18-month assessment identified nearly 500 significant security defects. Most of these, the report concludes, "could have been caught--and fixed inexpensively--during the design stage."

According to the report, application security design flaws occur in several common areas. First, nearly two-thirds of all the applications assessed allowed access controls to be bypassed, and more than a quarter sent passwords over the network unencrypted.

The next common weakness, referred to in the report as the "Achilles' heel of most e-business applications," is related to the session identifier, a unique, random number that is often stored as a cookie.

When these identifiers are unencrypted, they can be stolen and used to hijack a session. Almost a third of the applications tested were vulnerable to this type of attack. …
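Added example, not code from the article or the @stake report: a small Python pair that issues a session cookie whose identifier comes from the OS random source and audits a Set-Cookie header for the two weaknesses the excerpt describes, an identifier that can travel over plaintext HTTP and one short enough to be guessed rather than stolen. The cookie name, the minimum length and the attribute choices are assumptions for illustration.

```python
import secrets

# Minimum identifier length in URL-safe characters that the audit accepts;
# an assumption for this example, roughly 128 bits of randomness.
MIN_TOKEN_CHARS = 22


def issue_session_cookie(name="SESSIONID", max_age=3600):
    """Return a Set-Cookie header value carrying a fresh random session id.

    The id is drawn from the OS CSPRNG, and the attributes keep the cookie
    off plaintext HTTP (Secure), away from page scripts (HttpOnly) and out
    of cross-site requests (SameSite=Strict).
    """
    token = secrets.token_urlsafe(32)  # 32 random bytes, 43 URL-safe chars
    return (f"{name}={token}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie header value.

    Flags an identifier that may be sent in the clear (no Secure attribute),
    one exposed to page scripts (no HttpOnly), and one that is short or
    purely numeric and therefore guessable instead of random.
    """
    parts = [p.strip() for p in header.split(";")]
    _name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].lower(): p for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure attribute: id may be sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly attribute: id readable by page scripts")
    if len(value) < MIN_TOKEN_CHARS or value.isdigit():
        findings.append("short or numeric id: guessable rather than random")
    return findings


if __name__ == "__main__":
    # Constructed weak header of the kind the report counts as a defect.
    weak = "SESSIONID=1000042; Path=/"
    for finding in audit_set_cookie(weak):
        print("weak:", finding)
    print("issued:", audit_set_cookie(issue_session_cookie()) or "no findings")
```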
