The Register® — Biting the hand that feeds IT

Shell recovers slip after spilling applicants' details

URL regret it if your Web forms are insecure

By John LeydenGet more from this author

Posted in Security, 7th January 2003 15:13 GMT

Free whitepaper – Dell PowerEdge servers product guide

Shell has fixed a security hole on its recruitment Web site that left confidential private information of potential applications files open to world+dog.

Yesterday a Reg reader, who'd also notified Shell, told us that URL manipulation of forms on the site allowed easy access to this confidential data.

The company promptly suspended the print service, after we informed it of the vuln.

Application security issue are all too common, and Shell's experience illustrates the importance of keeping one eye on security when carrying out Web development work. Companies need to have a security policy that extends beyond making sure the basics (firewalls, AV etc.) are in place so that they deal with a wider variety of potential risks. ®

Related Stories

Sports supplier drops punters' pants in public
Gateway drops customers' pants in public
FBI names 20 most unwanted security flaws

Free whitepaper – PowerEdge M-Series blades I/O guide

Webcast: Jumpstart your Application Security initiatives