Shell recovers slip after spilling applicants' details
Print storyURL regret it if your Web forms are insecure
Posted in Security, 7th January 2003 15:13 GMT
Free whitepaper – Certify your software integrity with Thawte code signing certificates
Shell has fixed a security hole on its recruitment Web site that left confidential private information of potential applications files open to world+dog.
Yesterday a Reg reader, who'd also notified Shell, told us that URL manipulation of forms on the site allowed easy access to this confidential data.
The company promptly suspended the print service, after we informed it of the vuln.
Application security issue are all too common, and Shell's experience illustrates the importance of keeping one eye on security when carrying out Web development work. Companies need to have a security policy that extends beyond making sure the basics (firewalls, AV etc.) are in place so that they deal with a wider variety of potential risks. ®
Related Stories
Sports supplier drops punters' pants in public
Gateway drops customers' pants in public
FBI names 20 most unwanted security flaws
Free whitepaper – Securing your Apache web server with a Thawte digital certificate
The best practices guide for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Certify your software integrity with Thawte code signing certificates
The future of SaaS and IT infrastructure management
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive