"A browser" – that’s all we were led tobelieve the next generation would need to create office applications orengineering applications. Now, the focus on security has begun todivert in that direction. Statistics from the first half of 2006 showedthat 69 percent of exploitable vulnerabilities were from Webapplications. Web application vulnerabilities usually get mixed up withserver vulnerabilities, although the two are distinctly different. Webdevelopers who design Web sites are not usually security gurus. Thedevelopers will often leave behind various security holes in the Webapplication because of bad coding practices and a lack of securityreviews.
On one hand, there are many security experts around the world whofuzz Web servers with variations in order find another zero-day. Theend result is that the gap between popular Web servers and exploitablevulnerabilities within them is increasing. It has been a long timesince we have seen a completely exploitable...
