How can you expect to secure your web applications if even Google and eBay, with their thousands of developers, fall prey to hackers? According to Websense this week, one of Google’s services is harboring a keystroke logger hosted at the main IP address for Googlepages.com. It targets particular banks, so if you were infected with it and logged in to your bank account, your credentials would be recorded and sent on to the hackers. This is an instance of the good guys discovering an exploit in the making: there are no signs yet of the spam campaign it would require to lure people to the URL that hosts the Trojan.
And then, according to Netcraft, a cross-site scripting attack on the PayPal site is allowing hackers to redirect users to a server in South Korea, where the users' PayPal identities are stolen.
This may be a good time to consider investigating web application firewalls. Both eBay and Google would have been protected from these latest embarrassments if they had not had such faith in their web administration. I wonder what Amazon is doing to protect its web sites?
A few web application firewalls to look at: Imperva's SecureSphere, Citrix's Application Firewall, NetContinuum's Application Firewall, F5's TrafficShield, and, not available in the US, DenyAll's rWeb.