A new study has found that the Web application security landscape is still fraught with danger - and financial services firms had better watch out.
At least seven out of 10 popular Web applications have vulnerabilities that could potentially let an unauthorized party steal critical personal information such as social security numbers or transfer money to their own accounts, according to a report by Santa Clara, Calif.-based Cenzic. Common culprits include architectural flaws, design flaws and insecure application configurations. Overall, Cenzic pointed the finger at 1,561 unique vulnerabilities in a host of highly popular applications, ranging from Adobe Acrobat Reader to Google Desktop and IBM WebSphere.
"The most surprising factor is that the majority of companies are vulnerable. And we're talking here about the crème de la crème Fortune 2000 companies - so I dread to think what is happening with other smaller companies around the world," says Mandeep Khera, vice-president of marketing for Cenzic.
"It's a huge problem for financial services firms. They, together with e-retail firms, are the number one target. Because like Al Capone said, that's where the money is," he adds.
The most prevalent vulnerability classes are file inclusion, SQL injection, cross-site scripting and directory traversal, which together account for 63 percent of the total. The majority of the vulnerabilities affected Web servers, Web applications and Web browsers.
And Cenzic says the bulk of these vulnerabilities are easily exploitable. In other words, hackers don't have to be pros. Vulnerabilities were found in Adobe Acrobat Reader, Google Desktop, IBM WebSphere, IBM Rational ClearQuest Web 7.0, Lotus Domino's Active Content Filter, the Sun Java Access Manager, Apache Tomcat and BEA WebLogic, to name but a few.
Khera says the main problem is lack of awareness and education. "Most high-level executives don't know what application security means," he points out.
When companies use thousands of applications they often lack the resources to fix problems in every single one, Khera adds.
Then again, what if developers working for software giants made sure their new programs didn't have any security loopholes in the first place?

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...