July 28, 2005

Security: Which Half Are You Missing In Your Applications

Security is like a puzzle. You can have so many things right, but if you have just one thing wrong, everything else does not matter. If you are only concentrating on your core network (PC's, servers, routers, firewalls) you are doing right, but there's another part YOU must consider.

Your applications. Maybe you have an ecommerce system to take orders for your shoe store, can hackers enter special characters in the zip code field that give them administrator access to your database?

Can hackers manipulate your security by adding question marks or other strings into the web address of your database? Whether you or someone else is creating your web applications make sure they are SECURE.

There's many companies offering solutions for securing web based applications. One of them, Syhunt announced that its Sandcat Miner software now features a database of over 180 web application security checks, covering over 33 types of web security attacks.

"With the Sandcat suite of tools, organizations can proactively find security issues with their web sites and applications. The Miner module gives organizations the flexibility to find serious issues like SQL injections and buffer overflows in their environment before the bad guys do. With more attackers focusing on the application layer, it just makes sense to test it before someone else does it for you", said Brent Huston, a leading security expert at MicroSolved and co-author of the book "Hack Proofing Your E-Commerce Site".

For more information check out the Open Web Application Security Project, dedicated to finding and fighting the causes of insecure software.

0 comments