Twitter's vulnerability to basic cross-site scripting attacks highlights the need for organisations to review website coding, according to security firm Fortify Software.
A teenage hacker hit Twitter four times at the Easter weekend with worms that directed users to his own microblogging website.
Around 10,000 posts were deleted to prevent the worm spreading and Twitter has said it will consider legal action against the 17-year-old hacker.
The attacks are simply a case of a hacker exploiting vulnerabilities in the way websites are coded, said Barmak Meftah of Fortify Software.
Code exploitation is now high enough on the hacker agenda to warrant code auditing in the software planning and development process, Barmak Meftah said.
According to Meftah, a common problem is that developers typically write code with minimal auditing and few security checks.
"This is a classic example of how poor coding enables cracking situations that should never have been allowed to happen in the first place," he said.