.

[Article]-The Logic Behind Application Logic Defects

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Oct 26, 2011 10:34 am

[Article]-The Logic Behind Application Logic Defects

Rafal Los is an old friend but first time contributor to EH-Net. Hope you enjoy this article. As always please let us know what you think or if you'd like Raf to pen any other articles.

Permanent link: [Article]-The Logic Behind Application Logic Defects


Image


Rafal Los, Security Strategist for HP Software, Down the Security Rabbithole Podcast

It’s no secret that web applications are at the center of the ongoing conflict between malicious hackers and those defending the applications.  As more and more critical business functions migrate to an Internet presence, web applications play an extremely vital role in business.  Hackers know this well and have been exploiting weaknesses in web applications at an alarmingly high rate.

While age-old issues like SQL Injection and authentication weaknesses continue to plague developers, there is another class of security defects that has been flying under the radar.  Web application logic defects are not new.  In fact, the topic has been covered at great length by various academic and research organizations.  But unfortunately, this class of issues has not received enough attention due to the prevalence of much simpler attack vectors.  While hackers may not be exploiting this class of defects in high volume, they are nevertheless extremely effective and stealthy. 



Enjoy,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Oct 26, 2011 11:33 am

Re: [Article]-The Logic Behind Application Logic Defects

Great article!  I'd love to see more articles from Raf.

BTW awesome choice for Raf's bio pic lol
GSEC, eCPPT, Sec+

Return to /root

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software