Vulnerable: most Web sites are wide open to attack
July 1, 2007
By Paul Lima

 
You work your butt off to get a Web site running in time for the launch of a major marketing campaign. You wring your hands in anticipation. As sales roll in, your team pops champagne corks in celebration. And then it all goes south. Clients report their credit cards have been used for unauthorized purchases or their identities have been stolen. Authorities trace it back to you. Your site has been hacked and invaders are running through your database.

Think it can’t happen? Of 3,200 Web sites scanned for security vulnerabilities, 70 per cent were found to contain “high or medium vulnerabilities” and were at “serious and immediate risk” of being hacked, according to a year-long study conducted by Acunetix, a Web application security solutions company.

Ninety-one per cent of the Web sites that could be hacked contained serious vulnerabilities such as SQL injection and cross-site scripting, and less serious openings such as local path disclosure or directory listings. These openings allow hackers to collect, alter, add or delete database information; even minor vulnerabilities can cost companies time and money.

There is a high probability these vulnerabilities can be used by hackers, said Tamara Borg, a spokesperson for Acunetix, and companies in Canada and the U.S. are bound by law to protect customer data.

“With the advent of online applications, hackers have shown increased interest in breaching Web security through vulnerabilities such as cross-site scripting bugs and SQL injection flaws. Even though these have been around for years, such security problems are increasingly being reported and exploited.”

Steve Gibson, president of Gibson Research, said in a security podcast: “All Web servers should guard against these attacks, even ones that don’t perform critical tasks.”

Complex dangers
Companies should use vulnerability tools to scan for potential security loopholes in shopping carts, forms, dynamic content and other Web applications that access databases, and check login and password strength on authentication pages. Once vulnerabilities are identified, steps can be taken to secure them. However, the security of Web applications is only one aspect that organizations should be looking at within their security posture, said David Senf, IDC (Canada) manager for Canadian software research.

For instance, most bank Web sites are themselves secure, but users can create vulnerabilities. For example, a keystroke logger, a small piece of software that secretly records keyboard strokes, could be downloaded along with a music file over a peer-to-peer sharing site. The attacker can steal the user’s login name and password when the music lover next visits the bank’s online site.

People also get phished—tricked into giving up personal, financial and login information—through e-mail come-ons that mimic messages one might expect to receive from a bank or credit card processing site such as PayPal. And Web surfers using Wi-Fi hotspots may not realize there is no firewall present or that the network employs low encryption settings. This means account information can be sniffed and captured easily.

“In other words, Web application vulnerabilities are only one weak link in a long chain of potential vulnerabilities,” Senf said. “No one security solution or no one vendor has all the answers or magic bullets.” Firms need a risk-management strategy to determine what threats could likely cause what damage. Then they have to determine what security software, hardware and services to buy.

“Protect the Web application for sure, but broaden the scope of the security to actually stop the bad guys,” Senf said.
© 2006-2007 Backbone Magazine. All Rights Reserved.