Attackers do code reviews!

8 September 2015

JavaServer Pages (JSP) are often used to implement web applications. I have repeatedly found well-written applications that were badly deployed: their source files sat in unprotected folders on the application server, where anyone who knows the path can fetch them with a plain HTTP request. That is a head start for attackers, because instead of probing the application blindly they can read the code, find the vulnerabilities, and go straight to exploitation.

Although this problem has been known for many years, application administrators still make the same configuration errors. In my view there is only one solution: automated web application assessments before a service goes online, and periodic reviews afterwards. At a minimum such an assessment should try to fetch the application's source and backup files through the web server, exactly as an attacker would.
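As an added example (not code from the original post), here is a small pre-deployment check in the spirit of the recommendation above. It relies on one fact about Java web applications: a Servlet container never serves files under WEB-INF/ or META-INF/ directly, but everything else in the web root is static content. So a stray .java file, an editor backup of a JSP, or a properties file with database credentials placed outside WEB-INF is one GET request away. The suffix list, the constructed web root, and the JSP-source markers used for the post-deployment spot check are assumptions for this example; extend them for your own stack.

```python
"""
Audit a Java web application root for source and backup files that the
container would serve to anyone. Constructed example, not the post's code.
"""
import re
import tempfile
from pathlib import Path

# The Servlet specification forbids serving these directories directly.
PROTECTED_DIRS = {"WEB-INF", "META-INF"}

# Suffixes that mean "source or secrets", not intended static content.
# Assumed list for the example; add whatever your editors and tools leave behind.
SOURCE_SUFFIXES = (".java", ".properties", ".sql", ".bak", ".orig", ".old", ".swp", "~")

# Markers that betray raw, unprocessed JSP/Java source in an HTTP response body.
JSP_MARKERS = re.compile(
    r"<%@\s*page|<%@\s*taglib|<%[!=]?|<jsp:|\bimport\s+java\.", re.IGNORECASE
)


def find_exposed_sources(webroot):
    """Return sorted relative paths of source/backup files the container would serve."""
    root = Path(webroot)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if rel.parts[0] in PROTECTED_DIRS:
            continue  # not served; the right place for source, classes and config
        if path.name.endswith(SOURCE_SUFFIXES):
            findings.append(rel.as_posix())
    return sorted(findings)


def looks_like_jsp_source(body):
    """Post-deployment spot check: True if a fetched body contains raw JSP/Java source."""
    return JSP_MARKERS.search(body) is not None


def build_sample_webroot():
    """Create a constructed web root that mimics a typical bad deployment."""
    root = Path(tempfile.mkdtemp(prefix="webapp-"))
    files = {
        "index.jsp": '<%@ page language="java" %><html>ok</html>',
        "login.jsp.bak": '<%@ page import="java.sql.*" %> ... ',   # editor backup, served raw
        "admin/Report.java": "package app; public class Report {}",  # source outside WEB-INF
        "config/db.properties": "db.password=hunter2",               # credentials, served raw
        "WEB-INF/web.xml": "<web-app/>",
        "WEB-INF/classes/app/Login.java": "package app; class Login {}",  # safe location
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0",
        "css/site.css": "body{}",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for finding in find_exposed_sources(root):
        print("EXPOSED:", finding)
    # Constructed response bodies, as a periodic review would see them.
    rendered = "<html>ok</html>"
    leaked = '<%@ page import="java.sql.*" %> ...'
    print(looks_like_jsp_source(rendered), looks_like_jsp_source(leaked))
```

Run it against the exploded WAR before it goes live; every path it prints should either be deleted or moved under WEB-INF. The second function is meant for the periodic review afterwards: fetch the JSP URLs (and the usual backup-name variants) and flag any response that still contains `<%` or `import java.` instead of rendered HTML.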

For a really good presentation of the problem and the solution, check the OWASP Code Review and Deployment page.

That’s it for today. Take care of your application code!