Attackers do code reviews!

8 September 2015

Java Server Pages are often used for implementing web applications. I found well-written applications that were, very often, badly deployed in unprotected folders on the application server. This is a head start for attackers because they can easily analyze the code to find vulnerabilities for further exploitation.

Although this problem has been known for many years, application admins still make the same configuration errors. In my view there’s only one solution to this problem: automated web application assessments before a service goes online, and periodic reviews afterwards.

For a really good presentation of the problem and the solution check the OWASP Code Review and Deployment page.

That’s it for today. Take care of your application code!
