Small and midsized businesses use many third-party Web applications to save money and to embed expertise that they might not otherwise have. But this practice can also open up their business and their customers to attack.
The recent Network Solutions incident shows how this practice can go very wrong. The Internet domain provider learned that a Web-services widget that it had placed on at least 120,000 parked Web pages was infecting visitors with malware. The firm reportedly downloaded the widget, known as the Small Business Success Index, from third-party online directory WidgetBox.
“Over the past five years, Web 2.0 has taken the world by storm,” says Neil Daswani, chief technology officer of Web scanning firm Dasient. “As a website administrator, your security is actually dependent on a bunch of third parties, so you should make sure to monitor all your code and widgets.”
Solving this issue is not easy. There is no standard or accepted way to certify that code is safe and secure, says Andy Chou, chief scientist for code scanning firm Coverity. “In other industries, there are certifications for certain quality measurements of the products,” Chou says. “There are lots of ways in other industries to show the consumer what they are getting. In software, there is nothing like that — the users have to test it themselves.”
More details: http://www.darkreading.com/smb-security/security/app-security/showArticle.jhtml?articleID=227001110









