Not too long ago, hackers were likely to slip into a company network by foiling a poorly configured firewall or intrusion-detection system. Sometimes, it was even easier than that: Companies simply failed to install security systems. But businesses have gotten smarter and hardened their networks with properly installed security tools, so hackers are looking for other ways to slither inside. They're finding them in unprotected applications. The damage can be enormous. Applications such as sophisticated supply-chain and inventory programs, price lists, account-management programs, and even shopping carts are being targeted. Databases that link to Web applications are also vulnerable.

Common attacks include E-shoplifting, a process in which hackers change price information in shopping carts. Here's how it works: A hacker puts $100 worth of items in a shopping cart and then saves the Web page to a local hard drive. He or she then modifies the price to $10 and resubmits the page. If the shopping cart is improperly coded, it might not double-check the prices and might accept the price change upon resubmission.
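The missing double-check, as an added example that is not code from the article: an improperly coded cart total beside one that re-prices every line from a server-side catalog. The SKUs, prices, quantity limit and function names are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only trusted source of prices.
CATALOG = {"sku-1001": Decimal("60.00"), "sku-1002": Decimal("40.00")}

# Constructed resubmitted form: the $100 cart with its prices edited to $10.
TAMPERED_FORM = [
    {"sku": "sku-1001", "qty": "1", "price": "6.00"},
    {"sku": "sku-1002", "qty": "1", "price": "4.00"},
]

class CartError(ValueError):
    """The submitted cart cannot be priced from the catalog."""

def total_trusting_client(items):
    """Improperly coded cart: charges whatever price the page submitted."""
    return sum((Decimal(i["price"]) * int(i["qty"]) for i in items), Decimal("0"))

def _price_matches(submitted, expected):
    """True if the submitted price field equals the catalog price."""
    try:
        return Decimal(str(submitted)) == expected
    except InvalidOperation:
        return False

def total_from_catalog(items, max_qty=100):
    """Hardened cart: takes only SKU and quantity from the request,
    re-prices from CATALOG, and reports lines whose submitted price differs."""
    total, mismatched = Decimal("0"), []
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise CartError(f"unknown SKU: {sku!r}")
        try:
            qty = int(item.get("qty"))
        except (TypeError, ValueError):
            raise CartError(f"bad quantity for {sku}")
        if not 1 <= qty <= max_qty:
            raise CartError(f"quantity out of range for {sku}")
        # The client price is never charged; a mismatch is a signal to log.
        if "price" in item and not _price_matches(item["price"], CATALOG[sku]):
            mismatched.append(sku)
        total += CATALOG[sku] * qty
    return total, mismatched

if __name__ == "__main__":
    print("trusting client:", total_trusting_client(TAMPERED_FORM))
    print("from catalog:   ", total_from_catalog(TAMPERED_FORM))
```

The mismatch list gives the application something to log or alert on, since an honest browser never sends a price that disagrees with the catalog.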