Web-Based Attacks Gain Power

By Sean Martin  |  Posted 08-10-2010 Print


EUC with HCI: Why It Matters

Web-based attacks remain a hot topic. The Google Web Toolkit (GWT), for example, allows for some of the quickest, slickest web-based applications to be built today. But the framework, built entirely in JavaScript, provides significant support for remote procedure calls (RPC). While the engineer has the option to securely implement the RPC, it turns out that insecure remote functionality is very common via the GWT. And, you guessed it, these insecure implementations result in vulnerabilities that can be exploited to compromise these pretty, slick web applications.

Even with the PCI requirement to store cardholder data in an encrypted fashion, hackers have found ways to bypass database encryption methods by using SQL injections through web applications in order to gain an escalation of privilege. With these newly acquired SYS-level privileges, hackers can obtain clear text data from an Oracle database backend - regardless of whether or not the data is stored as encrypted content in the database.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that cioinsight.com may send you cioinsight offers via email, phone and text message, as well as email offers about other products and services that cioinsight believes may be of interest to you. cioinsight will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit