Web Application Worms

Myth or reality? This paper at imperva.com shows how relatively simple techniques can be used to automatically find and attack vulnerable application servers. Looks plausible enough to me.

You’ve been warned: use a serious framework for your next project ;-)

One Response to Web Application Worms

  1. Well, even if Cocoon doesn’t have some of the wide-open holes that some systems have, protecting from SQL injection is not built into the framework and requires careful inspection of direct transmission of request parameters to SQL queries…

    Anyway, thanks for the pointers, this is an interesting read!

%d bloggers like this: