Imperva Discovers Critical Vulnerability in AJAX Technology; Web 2.0 Applications at Risk.Application Defense Center Identifies Major Flaw in Next Generation Web Application Framework Imperva
WHO: Amichai Shulman, CTO, Imperva
Mr. Shulman is head of the Imperva Application Defense Center
(ADC), the company's web application and database vulnerability
research group
WHAT: The ADC today announced the discovery of a critical
vulnerability in DWR (Direct Web Reporting), a key underlying
technology in the AJAX web application development framework.
This client-side vulnerability can be exploited to launch Denial
of Service (DoS) attacks and break into back-end servers and
databases. AJAX is emerging as the new lingua franc for building
new generation Web 2.0 applications such as Google Maps. Since
AJAX executes a much larger proportion of application logic in
the web browser than traditional web applications, it exposes a
broader attack surface to client-side exploits used by attackers
to target sensitive back-end servers directly. The ADC has
published a free security advisory that details the DWR
vulnerability and how to mitigate attacks. Amichai Shulman,
head of the ADC, is available to discuss this vulnerability as
well as AJAX/Web 2.0 security issues.
WHERE: The ADC Security Advisory on the DWR vulnerability is available
at: http://www.imperva.com/application_defense_center/papers/w
eb20-ajax-dwr-01032007.html
WHEN: Mr. Shulman is available for interviews immediately via
teleconference
HOW: Please contact Marc Gendron at 781-237-0341 or marc@mgpr.net to
arrange a call with Mr. Shulman.
About the Imperva Application Defense Center The Imperva Application Defense Center (ADC (1) See A/D converter. (2) (Apple Display Connector) A peripheral connector from Apple that combines digital video display, USB and power in one cable. ) is internationally-recognized for its leadership in security and compliance research and education. The Imperva ADC has found over 20 vulnerabilities in commercial Web application and database products. Database and application vendors have credited the organization with the discovery of serious vulnerabilities and mitigation MITIGATION. To make less rigorous or penal. 2. Crimes are frequently committed under circumstances which are not justifiable nor excusable, yet they show that the offender has been greatly tempted; as, for example, when a starving man steals bread to satisfy techniques that have led to increased security in their products. About Imperva Imperva is the global leader in data security and compliance solutions for the data center. The company's SecureSphere database and web application appliances are deployed in leading financial, retail, telecommunications Communicating information, including data, text, pictures, voice and video over long distance. See communications. , healthcare, and government organizations around the globe. Founded over four years ago, Imperva is a solid, privately held company privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. with growing revenues and backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock Venrock is a pioneering venture capital firm formed in 1969 to build upon the successful investing activities of the Rockefeller family that began in the late 1930’s. It has offices in Menlo Park, California, New York City, Cambridge, Massachusetts, and Israel. Associates. For more information, visit www.imperva.com. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion