Wednesday, May 04, 2011
IBM publishes white paper on website and web application security for (small) business
IBM has published, through Tech Republic, a brief white paper, “An Executive’s Guide to Web Application Security”. You can download it here for free, but you may have to fill out a survey.
Generally, the paper says that most corporate applications have vulnerabilities in several areas, including SQL databases themselves (injection attacks), cross-site scripting, “cookie poisoning” (which could compromise visitor or consumer locational privacy and even PII), and parameter tampering.
Some of the vulnerabilities result from “unsafe code”, and others may result from less-than-airtight procedures for deploying web applications to production (the latter well known from the mainframe world).
Small businesses, many of which may hire contractors to write the applications that deal directly with consumer interfaces, also need to be wary.