UK.biz lax on web app security Web application security among UK corporates is getting worse, according to audits carried out by CESG-accredited security consultancy NTA Monitor. NTA Monitor reports a ten percentage point increase in the total number of web applications found to have at least one high-risk security issue. A quarter (27 per cent) of all web …
If you're using Apache then also check out "Mod Security". This can help block many types of http attack and prevent information leaks if someone does manage to break in.
"DOS Evasive" is also a good one to try, but it seems to have gone AWOL from (what was) its offical web site so you will need to do some digging to find it. Alternatively, you could configure your firewall (pf, if you're using OpenBSD - and why wouldn't you?) to help mitigate DoS attacks.
If you have a free text input field then it should accept all characters no matter which ones they are. You can't tell someone their name is wrong because it contains something that conflicts with your shitty coding/database.
Parameters...That is all.
... are SQL injection attacks even still possible these days and who are these numpties that are churning out these shitty webapps that swallow any old user input and without bothering to sanitise it? HOW are they even getting past the interview stage?
I mean, even trusty old Python running as CGI (nothing fancy, nothing cutting edge) can automatically and reliably sanitise the stream if you ask it to, without any further work from the developer.
This is simply silly. Anyone doing such piss-poor development should be not only dismissed but also possibly be held legally accountable for their irresponsible work.
Its not the development language in use or the paradigm, its simply not knowing what they are doing.
Developers commission security test. Test finds vulnerability. Vulnerability is fixed. Fuss over nothing.
One explanation of the results might be that people who didn't take security seriously before are now doing testing for the first time.
Let's see some results from a survey of hackers to get a true picture of the security landscape.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
