larger website hacks are due to custom holes
Web Application security has gotten a lot of attention lately as a often overlooked field. A lot of larger website hacks are due to custom holes found in an application on the website. Sometimes sites will use prepackaged scripts, or write their own. Benefits of using a prepackaged web application include getting issued patches when a vulnerability is found. If you use a custom script this depends upon the person within your company to make and install the patches. Sometimes people will use older scripts that are no longer supported by the vendor. This means that if a vulnerability is found it may go unpatched for many months, or never be patched at all. This leaves attackers with holes in websites they know will go unpatched. This is obviously a serious threat and website administrators should choose applications wisely. Many companies will do whitebox and blackbox testing on web applications to find holes and often times they will create their own patches. People often pay tens of thousands of dollars for such auditing, and usually get what they pay for. Web Application security is a large field and not all of the types of threats have been discovered. Of course people have businesses to run and need these programs to continue business. Some sites will run between one and a few thousand scripts. Probably sixty percent of these applications are affected in one way or another by a hole which could allow server compromise, client information to be leaked, stolen identities, stolen login information, or other serious issues.
Tags: security, custom holes, web security, worms