Business Process Flaws Seen Posing Security Risks

Fri, Mar 13th, 2009

Running a secure Web site means more than just guarding against cross-site scripting and SQL injection attacks. Flaws in the business processes that underlie Web sites can also present serious security risks, the CTO of a Web security company said Thursday.

Flaws in the processes, or business logic, for Web sites can prove highly profitable to hackers, require little skill to exploit and are sometimes technically not illegal to take advantage of, said Jeremiah Grossman, CTO of WhiteHat Security, at the Source Boston Security Showcase.

"These issues are common if you know what to look for," he said.

He offered several examples of these flaws, including those found in Web site designs, Captcha authentication systems and user privileges. People who take advantage of them are often simply banned from using a service, although sometimes they are prosecuted.

Share with friends if you like this page:
No comments yet.