Hyperguarding your Web Applications

Weekly Industry Round-up: Week of 1/11

Posted by hyperguard on January 15, 2010

Information Week…
Private Clouds Are A Fix, Not The Future
In this article, Cloud Connect’s Alistair Croll argues that internal enterprise clouds are temporary and will be followed by a migration to public cloud infrastructure. He predicts that for the next three or four years, enterprises will deploy private and hybrid clouds, while public cloud infrastructure will be reserved for startups, experimentation and testing. He says that within a few years, the true cloud operators will have an unavoidable cost advantage and they will be closer to consumers. Computing legislation will catch up and in three to five years, there will be a second big enterprise IT migration from private to public infrastructures.

Social Networks Face User Content Risks, Web Application Vulnerabilities
Rob Westervelt discusses how third-party applications on social networks could be the next means of attack for cybercriminals. If left unmonitored, security experts fear, the applications that users have come to trust could be used to trick them into giving up account credentials or to deliver spam and malware. In 2009, link-sharing and discussion portal MetaFilter was on a long list of user-driven platforms and websites victimized by SQL injection attacks. OWASP is now taking a closer look at ways to scan and recognize potentially malicious code posted by users on Web forums, user profile pages and other webpages where users freely post content.

IT Business Edge…
Fully Clouded By 2010?
A few weeks ago, Arthur Cole blogged about his prediction that virtualization and cloud computing would bring an end to IT infrastructure at small and mid-sized organizations, which would outsource these resources to regional dedicated data centers. While he still expects this to happen, he finds a recent report issued by Gartner interesting. It says that more than 20 percent of enterprises will have no IT infrastructure at all as early as 2012. If the change does happen that fast, IT departments should be prepared for a wild road ahead.

Jeremiah Grossman…
Top Ten Web Hacking Techniques of 2009 (Official)
Jeremiah Grossman lists the Top Ten Web Hacking Techniques of 2009. Every year the Web security community produces dozens of new hacking techniques documented in white papers, blog posts, magazine articles, mailing list emails and so on. The top 3 listed were: Creating a rogue CA certificate, HTTP Parameter Pollution (HPP) and Flickr’s API Signature Forgery Vulnerability (MD5 extension attack). Check out the post to see what else the judges included.

