The next wave of hacking schemes focuses on a vulnerable and extremely difficult area to defend: Web applications. Application hacks take advantage of vulnerabilities that normally occur in many HTML pages. A person hacking into a Web page could, for example, edit Web site parameters within a URL field and adjust a price. In addition, the URL field is often open to other such "forced browsing" attempts and can provide access to Common Gateway Interface, Visual Basic or Java scripts and, by extension, the Web server. The problem is that once a user is assumed to be authenticated and has reached this area of a Web site, there is little that can be done to prevent him or her from doing damage.

"Most of the successful attacks are application attacks because most of the important data is stored in those systems," said Alan Paller, director of research at the SANS Institute, in Bethesda, Md. "Applications never had a very big face to the outside world, and the OS had all of those ports you could try. So, it was just convenience that most of the attacks in the past were on the OS. If you want the customer log or the credit card data, you're going through the application."

The link for this article located at ZDNet is no longer available.