Gotcha!...Security Testing for Mission Critical Applications
A local television station provides a Web service that allows schools and businesses in the area to easily enter information on closures due to bad weather. The information then is displayed as a crawl along the bottom of the television screen. Some kids hack into the site and declare their school closed for the day, and it's immediately shown on everyone's television! It's a cute story. Now let's imagine that these same kids hack the prices on your eCommerce site or obtain access to sensitive customer records on your company Web site. This time the story is not so laughable. Mike Andrews shares his favorite top ten holes in Web site security including "SQL injection" and "cross-site scripting," shows examples of each, and discusses the effects these security breaches can have on your site. Fortunately, the number of attacks is rather small and easy to repair-if you know where to look. But, if undetected, these security vulnerabilities open your vital systems to thieves, scoundrels, and worse.