Web Development – one day we’ll get it right

Web App Offense

Author(s):

A few tools and tricks can find and correct web app vulnerabilities.

So, I just checked – from January 1, 2010, to October 9, 2011, 8,917 Common Vulnerabilities and Exposures (CVEs) were issued. Of these, 873 were related to cross-site scripting (XSS), which is just a hair under 10 percent. Of the remaining webrelated vulnerabilities, cross-site request forgery (CSRF) [1], file source disclosure (whereby PHP contents are shown as text rather than a rendered web page), and so on were well represented. But over time, things are getting better, right?Not really; out of 51,353 total CVEs 6,580 are related to XSS, and if you plot the bugs over time, a generally upwardtrending curve appears.

So, how does one go about fixing this situation? The good news is that some excellent resources are freely available. The bad news is that people don’t seem to be using them.

Read full article as PDF:

058-059_Kurt.pdf (866.28 kB)

Related content

comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

058-059_Kurt.pdf (866.28 kB)

Tag Cloud

Android Bruce Byfield Gnome KDE Kernel Linux Linux Pro Magazine Open Source Projects Red Hat Ubuntu events foss free software google

News