What Lies Beneath: Feature Article in Better Software Magazine



What Lies Beneath
by Ryan English

According to a recent ABC News/Washington Post survey on identity
theft, 84 percent of Americans polled believe that corporations are not
doing enough to protect customers' personal data. The Privacy Rights
Clearinghouse recently published the results of a survey that found 45
percent of identity theft cases involve hacking. One-third of all
identity theft cases are a result of Web application security
vulnerabilities. These vulnerabilities can be costly and result in the
exposure of large amounts of confidential information. Major public
companies, including Google, T-Mobile, CVS, and MSN, were exploited in
2005 through Web application security vulnerabilities. CardSystems lost
its biggest partner, Visa, when it was announced that information from
forty million credit cards might have been exposed to hackers.

If many hacking attempts are for the purpose of identity theft, it is
difficult to understand why so many organizations continue to install
Web applications on the Internet without first checking for security
defects and vulnerabilities. If you asked a group of developers and
testers if they pride themselves on producing robust, defect-free
applications, all of them would say yes. But if you asked the same
question about secure code, few would have an answer. Yet security
vulnerabilities are software defects. If a product has security
vulnerabilities that will allow a hacker to steal confidential data or
even shut down the application, then a solid, high-quality application
has not been produced.
