Enabling Secure Business Operations

Don’t forget about your Blog!

Your company creates a custom web application and deploys it live. I bet it went through some serious security testing, and even the development process had security in mind from the design stage, right? (It should have.) So if all this effort is put into a custom web application, why isn’t the same being done for your company’s blog?

Blogs are nothing more than web applications. And unless you created your own blog engine from scratch, you are using some third-party solution (WordPress or TypePad, for example). This means you’re trusting that the software is free of vulnerabilities and was developed with secure coding techniques as well. It’s one thing to insist your own developers use secure coding techniques, but it’s a very different scenario when you’re dealing with third-party, Internet-facing applications like blogs.

If you’re going to be using third-party web applications that you cannot guarantee are secure (and you can’t), then you ought to be taking advantage of a web application firewall (WAF). A web application firewall can protect third-party applications just as easily as custom-developed ones, and in many cases it is actually a lot easier, because you control the WAF rules even when you cannot change the application’s code.

In a lot of companies the blog is the web face of the company (at least one could hope). It’s important to realize that there are risks here, especially if it’s pulling the most hits and getting the most attention. So stay protected – use a WAF!

One Response to “Don’t forget about your Blog!”

  1. William Says:

    Or you could use your web server's config, such as Apache:

    RewriteEngine On
    Options +FollowSymLinks
    ServerSignature Off
    # Every condition is chained with [OR], so if any one of them matches,
    # the RewriteRule at the end fires. [NC] makes the match case-insensitive.
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
    # Note: the empty alternative "(|" in several of the patterns below matches the
    # empty string, so as written those conditions match every request; characters
    # were probably dropped when the comment was posted.
    RewriteCond %{HTTP_REFERER} ^(.*)(|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    RewriteCond %{HTTP_COOKIE} ^.*(|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    RewriteCond %{REQUEST_URI} ^/(,|;|:||">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
    # Empty User-Agent, or one that looks like a script or scanner
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    # Query string: a quote/bracket/encoded control character followed by an SQL keyword,
    # a loopback reference, a dot followed by an alphanumeric, or the special characters alone
    RewriteCond %{QUERY_STRING} ^.*(;||'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
    # Any matching request is rewritten internally to this script instead of the page it asked for
    RewriteRule ^(.*)$ security_access_log.php
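To see what the mod_rewrite rules in the comment above actually do to traffic, here is an added example (not the commenter's code and not part of the original post) that models each RewriteCond as a Python regex and runs constructed sample requests through them. The field names, rule names and sample requests are all assumptions made for the demonstration; the `<|>` in place of the empty alternatives is also an assumption.

```python
import re

# Model of William's mod_rewrite rules (added example, not the commenter's code).
# Each entry: (rule name, request field, pattern). Apache's [NC] is re.I, and the
# "^.* ... .*" wrappers in the original are just search(). Assumption: the empty
# alternatives in the post ("(|'|%0A...") lost "<" and ">" in transcription.
R = re.compile
CHARS = r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)"
RULES = [
    ("method",    "method",       R(r"^(HEAD|TRACE|DELETE|TRACK)", re.I)),
    ("crlf",      "request_line", R(r"(\r|\n|%0A|%0D)", re.I)),
    ("referer",   "referer",      R(CHARS, re.I)),
    ("cookie",    "cookie",       R(CHARS, re.I)),
    ("uri",       "uri",          R(r"^/(,|;|:|<|>|\">|\"<|/|\\\.\.\\)", re.I)),
    ("empty_ua",  "user_agent",   R(r"^$")),
    ("ua_prefix", "user_agent",   R(r"^(java|curl|wget)", re.I)),
    ("ua_tools",  "user_agent",   R(r"(winhttp|HTTrack|clshttp|archiver|loader|email|"
                                    r"harvest|extract|grab|miner)", re.I)),
    ("ua_libs",   "user_agent",   R(r"(libwww-perl|curl|wget|python|nikto|scan)", re.I)),
    ("ua_chars",  "user_agent",   R(CHARS, re.I)),
    ("qs_sql",    "query",        R(r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|"
                                    r"select|insert|cast|set|declare|drop|update|md5|benchmark)", re.I)),
    ("qs_local",  "query",        R(r"(localhost|loopback|127\.0\.0\.1)", re.I)),
    ("qs_dot",    "query",        R(r"\.[A-Za-z0-9]")),
    ("qs_chars",  "query",        R(CHARS, re.I)),
]

def matched_rules(req):
    """Names of the RewriteConds that fire; any one sends the request to security_access_log.php."""
    return [name for name, field, pat in RULES if pat.search(req.get(field, ""))]

# Constructed sample requests (not real traffic); a missing field counts as empty.
BROWSER = "Mozilla/5.0"
SAMPLES = {
    "page_view":    {"method": "GET", "request_line": "GET /blog/?p=12 HTTP/1.1", "uri": "/blog/",
                     "query": "p=12", "user_agent": BROWSER, "referer": "https://example.com/",
                     "cookie": "session=abc123"},
    "pdf_download": {"method": "GET", "request_line": "GET /dl?file=report.pdf HTTP/1.1",
                     "uri": "/dl", "query": "file=report.pdf", "user_agent": BROWSER},
    "uptime_check": {"method": "HEAD", "request_line": "HEAD / HTTP/1.1", "uri": "/",
                     "user_agent": "curl/7.88.1"},
    "sql_keywords": {"method": "GET", "request_line": "GET /blog/?id=1'%20union%20select%201 HTTP/1.1",
                     "uri": "/blog/", "query": "id=1'%20union%20select%201", "user_agent": BROWSER},
}

def classify_all():
    """Map each sample to the rules it trips; an empty list means the request passes untouched."""
    return {name: matched_rules(req) for name, req in SAMPLES.items()}
```

Calling `classify_all()` shows the trade-off: the quoted SQL keywords are caught, but a legitimate download of `report.pdf` and a HEAD request from a curl-based uptime monitor are diverted as well, which is the kind of false positive a dedicated WAF rule set lets you tune per application.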

Leave a Reply