A Guide to Discovering Web Application Insecurities, Before Attackers Do

Published: 09 Mar, 2005
Created by:
Don Williams

It is all over the news: web-based attacks are climbing, month over month, year over year. At the same time that companies are attempting to combat such attacks, attackers are devising new methods to infiltrate systems. In the event you were on a reality show for the last few years and missed the latest news, just take a glance at these alarming statistics:

'By exploiting a vulnerability in Microsoft's IIS web server product, over 250000 web sites are thought to have been compromised by the "Code Red" worm in the course of a 9 hour period.' (Danyliw)

'When asked what types of losses their organizations experienced last year, over half of respondents (56%) report operational losses, 25% state financial loss, and 12% declare other types of losses.' (CERT)

'In 1998, 50% of those surveyed reported no attack-related downtime, whereas this year (2004) only 6% make such a claim.' (Hume, p. 54)

'Nearly half of the fastest-growing U.S. companies have suffered security breaches, but most still aren't prepared to dedicate enough resources to address the problem, according to a study by PricewaterhouseCoopers.