Information weekly has written an article entitled "Web App Vulnerabilities Are Getting More Attention; Now's The
Time For IT To Get Defensive"
"Attacks designed to bring down networks are largely under control,
even though companies still spend plenty of time defending against
them. The latest addition to IT teams' worry lists: keeping Web apps
from being hijacked and forced to give up data that can be used to
commit identity theft or other crimes.
The number of Web sites with applications vulnerable to these
attacks appears to be small–58 were reported last year to the Web
Application Security Consortium, a group that tracks flaws found in
custom Web apps. But that's a big leap from the 16 in 2004 and nine in
2003. This year, at least 20 vulnerabilities have been reported,
including cross-site scripting vulnerabilities at eBay, Microsoft MSN
Hotmail, and open source repository SourceForge.net, all of which have
since been fixed. And the reported number of vulnerable sites could be
just a starting point, since the vulnerabilities aren't easy to spot,
and attackers try to get in and out without leaving a trail. So victims
may not know their sites were attacked and data compromised or stolen."
– Information Week
Article Link: http://www.informationweek.com/security/showArticle.jhtml?articleID=185302822
