For the past five years a silent but revolutionary shift in focus has been changing the information security industry and the hacking community alike. As people came to grips with technology and process to secure their networks and operating systems using firewalls, intrusion detection systems and host hardening techniques, the world started exposing its heart and soul on the Internet via a phenomenon called the World Wide Web. The web makes access to customers and prospects easier than was ever imaginable before. Sun, Microsoft and Oracle are betting their whole businesses on the web being the primary platform for commerce in the 21st century.

But it's akin to a building industry that's spent years developing sophisticated strong doors and locks, only to wake up one morning and realize that glass is see-through, fragile and easily broken by the casual house burglar. As security companies and professionals have been busy helping organizations react to network security concerns, little attention has been paid to applications at a time when they were the fastest and most widely adopted technology being deployed. When I started moderating the web application security mailing list at www.securityfocus.com two years ago, I think it is safe to say people were confused about the security dangers on the web. Much was being made about malicious mobile code and the dangers of web-based trojans. These parlor tricks on users were really trivial compared to the havoc being created by hackers attacking web applications. Airlines have been duped into selling transatlantic tickets for a few dollars, online vendors have exposed millions of customers' valid credit card details and hospitals have revealed patients' records, to name but a few. A web application attack can stop a business in its tracks with one click of the mouse.

Just as the original Hacking Exposed series revealed the techniques the bad guys were hiding behind, I am confident "Hacking Web Applications Exposed" will do the same for this critical technology. Its methodical approach and appropriate detail will both enlighten and educate, and should go a long way toward making the web a safer place in which to do business.