Apple's recently launched MobileMe service has highlighted some of the problems which have increasingly been associated with web 2.0 applications.
Some iPhone users who signed up for a free trial of the online e-mail, address book and calendar application were given access to the content of other users' accounts.
Apple says it has resolved this security flaw, as well as the
connectivity and synchronisation problems experienced after the
launch of the service.
Owen Cole, technical director for
F5 Networks UK, said incidents such as the one that has affected
MobileMe were becoming a regular occurrence.
"Flaws in the coding of online applications and vulnerabilities
in web sites are all too apparent and
application level security is becoming imperative if companies
are to avoid getting egg on their face or worse," he said.
Ken Munro, director of the penetration testing division at
NCC Group, said application-level security was "beyond
imperative".
He said although organisations had started getting the hang of
infrastructure security and were implementing firewalls and patching
web servers, hackers had developed new, far better ways of getting
data out of applications.
Munro said the challenge now is to train software developers to
write code securely from scratch.
"Lots of people advocate putting a web application firewall in
the way, but that's really trying to paper over the crack. The
application code itself has to be secure," he said.