Web Development – one day we’ll get it right
Web App Offense
Author(s): Kurt Seifried
A few tools and tricks can find and correct web app vulnerabilities.
So, I just checked – from January 1, 2010, to October 9, 2011, 8,917 Common Vulnerabilities and Exposures (CVEs) were issued. Of these, 873 were related to cross-site scripting (XSS), which is just a hair under 10 percent. Of the remaining webrelated vulnerabilities, cross-site request forgery (CSRF) [1], file source disclosure (whereby PHP contents are shown as text rather than a rendered web page), and so on were well represented. But over time, things are getting better, right?Not really; out of 51,353 total CVEs 6,580 are related to XSS, and if you plot the bugs over time, a generally upwardtrending curve appears. So, how does one go about fixing this situation? The good news is that some excellent resources are freely available. The bad news is that people don’t seem to be using them.
Read full article as PDF » 058-059_Kurt.pdf 866.28 kB
|
Rikki's Open Source Exchange
|
|---|
|
Stop by Rikki's Open Source Exchange for dispatches from the world of women in open source.
Rikki Kite examines the experience of women across the spectrum of open source –
the people, projects, organizations, events, articles, issues, and news. more...
|
|
Comments