Web servers are among the most obvious targets for black hats. Whether used for basic e-commerce or more advanced Web services, they give attackers an always-on interface to an IT system and often a shortcut to the parts that handle financial transactions. Even better for the attacker, they increasingly run custom applications developed in-house. These are more likely than the basic Web server software to contain security vulnerabilities, as they haven't been subjected to the rigorous quality control procedures of the open-source community or a commercial vendor.

Two organizations promise to help. The Open Web Application Security Project (OWASP) mainly targets software developers and the application architects who manage them, aiming to stamp out security bugs in the applications themselves. The Web Application Security Consortium (WASC) is broader, focusing on threat classification and all means of mitigation.

The link to this article at IT Architect is no longer available.