Managers must weigh security risks and protect systems as employees use Web applications from workplace computers.

Larry Greenemeier, Contributor

January 8, 2007

A recently found flaw in Web-based Google applications spotlights a growing concern: how to protect IT systems and data as workers access Web-based e-mail and collaborative applications.

Google's problem made it possible, in theory, for an attacker to access the contact information in a user's Gmail account through "cross-site request forgery," overwriting JavaScript used to send information from Google servers to the user's PC. Google fixed the flaw within 24 hours.

It's "a bellwether of things to come as people get more serious about SOA and Web 2.0 capabilities," warns Gary McGraw, CTO of Cigital, a software security and reliability company.

How big a worry are consumer-focused Web apps? "Web mail accounts give you access to everything," contends Jeremiah Grossman, CTO of WhiteHat Security, a maker of Web app security assessment software. Grossman, a former Yahoo security officer, says cross-site request forgeries can let an attacker, in addition to poaching information from Web mail, access any account the user is logged on to.
