Web Development – one day we’ll get it right
Web App Offense
A few tools and tricks can find and correct web app vulnerabilities.
So, I just checked – from January 1, 2010, to October 9, 2011, 8,917 Common Vulnerabilities and Exposures (CVEs) were issued. Of these, 873 were related to cross-site scripting (XSS), which is just a hair under 10 percent. Of the remaining webrelated vulnerabilities, cross-site request forgery (CSRF) [1], file source disclosure (whereby PHP contents are shown as text rather than a rendered web page), and so on were well represented. But over time, things are getting better, right?Not really; out of 51,353 total CVEs 6,580 are related to XSS, and if you plot the bugs over time, a generally upwardtrending curve appears.
So, how does one go about fixing this situation? The good news is that some excellent resources are freely available. The bad news is that people don’t seem to be using them.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
News
-
Apple M1 Hardware Support to be Merged into Linux Kernel 5.13
Linux users will be able to install their favorite distribution on Apple’s M1-based hardware.
-
KDE Launches the Qt 5 Patch Collection
To support and maintain a stable Qt 5 for KDE Gears and Frameworks, KDE will maintain a patch collection.
-
Linux Creator Warns Next Kernel Could be Delayed
Linus Torvalds has issued concern about the size of kernel 5.12 and possible delays for its release.
-
System76 Updates its Pangolin Laptop
System76 has released a much-anticipated AMD version of their most popular laptop, the Pangolin.
-
New Debian-Based Distribution Arrives on the Market
TelOS is a new Debian-based Linux distribution with a customized, touch-screen-ready KDE Plasma 5 desktop.
-
System76 Releases New Thelio Desktop
One of the most ardent supporters of open source hardware has released a new desktop machine for home or office.
-
Mageia 8 Now Available with Linux 5.10 LTS
The latest release of Mageia includes improved graphics support for both AMD and NVIDIA GPUs.
-
GNOME 40 Beta has been Released
Anyone looking to test the beta for the upcoming GNOME 40 release can now do so.
-
OpenMandriva Lx 4.2 has Arrived
The latest stable version of OpenMandriva has been released and offers the newest KDE desktop and ARM support.
-
Thunderbird 78 Ported to Ubuntu 20.04
The Ubuntu developers have made the decision to port the latest release of Thunderbird to the LTS version of the platform.