Twitter attacks avoidable with code audits

Fortify : 15 April, 2009  (Technical Article)
With improved code auditing and security processing during software development, applications such as those found on Twitter would be less vulnerable, according to Fortify.

The fact that Twitter has been hit by as many as four worms over the Easter weekend highlights the need to include the code audit and security process in the software development cycle, says Fortify Software, the application vulnerability specialist.

'Media reports have made much about the author of what appears to be the first generation of Twitter worms, but they appear to have missed the point that these are actually basic cross-site scripting (XSS) security problems,' said Barmak Meftah, Fortify Software's senior vice president of products and technology.

'The situation acts as yet another reminder that code vulnerability exploitation is now sufficiently high up the hacker agenda to warrant the inclusion of code auditing in the software planning and development process,' he added.

According to Meftah, the axiom of a company taking its security seriously is no longer proven if the firm fixes problems after they take place.

This Twitter hack, he says, is a classic example of how poor coding enables cracking situations that should never have been allowed to happen in the first place.

There is, he explained, no excuse for poor coding, even with free software.

'Twitter claims they've solved it, but this is hard to believe. If you can find 4 vulnerabilities in 48 hours, this indicates a bigger problem. This highlights a common issue--developers rapidly writing code with minimal auditing and few security checks,' added Meftah.

'When it comes to security, or rather, the lack of it, Web 2.0 has become a deja vu for the early days of the Internet,' he said.
   © 2012 ProSecurityZone.com