Monday, February 09, 2009

SQL Injection Attacks Targeting Flash, JavaScript Errors

Erin Kelly writes on SearchSecurity.com:

SQL injection has been the most common attack method among hackers recently and users can expect attacks against newer programming languages such as Flash and Java to increase over time, experts say.

Jacob West, security group manager of Fortify Software, said that Flash, JavaScript, and a collection of Web 2.0 technologies are now at a greater risk for vulnerabilities because their software is running on end-user machines rather than a server. When individuals or IT professionals work with data processing on the client side in Web 2.0 technologies, one must be extra careful about where they execute the validation, West said.

"The 'bad guy' might replace your client with a different client," West said. "The problems aren't new, it's just more of the same problems and harder to solve."

With Flash coding, the biggest problem is that the person coding the Flash application is potentially writing the vulnerabilities into it, allowing the code to be vulnerable to exploitation, West said.

More here.

0 Comments:

Post a Comment

<< Home