News: Bug Watch: Developers at fault

Advisories

Discover Vendors/Products News

Bug Watch: Developers at fault

In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and . . .
In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and system software used to host or use the web application.

Many developers fail to understand the nuances of the HTTP protocol and assume that it is too difficult, or not worth the trouble, for an attacker to assault their custom application. Developers must assume that every packet of data not coming from the organisation's hosts and servers can be modified.

Infrequently, 'security aware' sites manage to correctly implement input validation rules for client data. Unfortunately, all client-side checking and data validation processes can be bypassed by an attacker using commonly available tools and methodologies.

The link for this article located at VNUNet is no longer available. 

 

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.