Thursday, October 18, 2007

Web Security Round Up

Core Impact, known for application security testing tools, is adding web application penetration testing to its suite.

In other web security news, CIO magazine gave some neat tips for securing Ajax applications. Ajax, a central feature of Web 2.0 applications, has taken it on the chin for security vulnerabilities. Since Ajax is client side with lots of JavaScript and XML, what else would you expect? Who said XML is pristine either? Without adequate input validation and checking, it can also be chock full of injected malware.

Then there's the old URI handling bug that just doesn't want to go away. The bug is in how browsers -- not just IE -- parse URLs with links to executable code. It can allow the malicious passing of code to an unsuspecting web surfer. Oh, boy. What else is new?

The URI bug reached the level of a CERT notification and was also a Microsoft security advisory.


