Application Security

More and more hacks are aimed at security flaws in particular applications (as opposed to being aimed at flaws in the network security).

One reason is that more applications are now available over the Web, which is a nice access point not only for legitimate customers but also for hackers. Many application-layer attacks are aimed at certain well-known (but unfortunately still common) types of coding errors pertaining to the way Web applications process input from Web site visitors. A simple e-commerce application typically asks users for various kinds of information - password, address, et cetera; however, if the application doesn't include appropriate safeguards, hackers can try to use those input fields to pass malicious instructions to the host computer.

Specific types of application-level attacks include Cross-Site Scripting and SQL Injection.
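An added example, not part of the original article, showing the missing safeguards in a toy e-commerce form handler: a login query and an address display, each written once with input pasted straight in and once with the input kept as data. The table, function names and sample inputs are constructed for illustration, and passwords are stored in plain text only to keep the sample short.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data: an in-memory customer table for a toy shop.
    # Plain-text passwords keep the sample short; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, password TEXT, address TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [("alice", "s3cret", "1 Main St"), ("bob", "hunter2", "2 Oak Ave")])
    return db

def login_unsafe(db, name, password):
    # Weak: form input is pasted into the SQL text, so quote characters in
    # the input change the structure of the query itself.
    sql = ("SELECT name FROM customers WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in db.execute(sql)]

def login_safe(db, name, password):
    # Hardened: placeholders keep input as data; it is never parsed as SQL.
    sql = "SELECT name FROM customers WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

def render_address_unsafe(address):
    # Weak: visitor-supplied text becomes markup in the page.
    return "<p>Ship to: " + address + "</p>"

def render_address_safe(address):
    # Hardened: HTML metacharacters are encoded before output.
    return "<p>Ship to: " + html.escape(address) + "</p>"

# Constructed inputs of the kind a form field might receive.
SQL_INPUT = "' OR '1'='1"
HTML_INPUT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print(login_unsafe(db, "alice", SQL_INPUT))   # WHERE clause rewritten by input
    print(login_safe(db, "alice", SQL_INPUT))     # input compared as a literal password
    print(render_address_unsafe(HTML_INPUT))      # input emitted as markup
    print(render_address_safe(HTML_INPUT))        # input emitted as text
```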

Copyright © 2004 IDG Communications, Inc.
