Nowadays, web application security is getting more prominent attention. This attention comes with the increase in the number of vulnerabilities in web applications, caused by the lack of proper security standards in the development of the applications.
· CERT/CC statistics show that 7120 software vulnerabilities were reported in 2006.
· 194 SQL injection vulnerabilities were found on BugTraq between January 2005 and June 2005.
· Symantec highlights in its most recent Internet Security Threat Report that web vulnerabilities constituted 69 percent of 2,249 new vulnerabilities identified for the first half of 2006, with 78 percent of 'easily exploitable' vulnerabilities residing within web applications.
· Directory traversal is the 2nd most common attack on the internet as of the 2nd half of 2005.
· Roughly 63% of web application vulnerabilities can be accounted for by four vulnerability classes: file inclusion, SQL injection, cross-site scripting, and directory traversal.
Regulations such as PCI, HIPAA and SOX, together with the need to protect organizations from financial and reputational loss, are driving a surge in application security. Web 2.0 technologies provide collaborative, decentralized networking for online activities, built on content contributed by end users and consumers.
Web 2.0 technologies involve active participation from users in the form of content contribution and editing, whereas in Web 1.0 users played the role of consumers. Active user involvement includes activities such as blogging and sharing information through syndication with RSS/Atom feeds. The growth of these technologies and of user interaction also increases the negative side of online business: malicious activities that affect the confidentiality, integrity and availability of information assets. These can lead to the unauthorized disclosure of sensitive data such as SSNs and credit card details, which in turn can cause financial and reputational loss for online business providers.