Shelley Bard is a security expert, or at least that is what her bio suggests. But, well, you decide. Her new article on SearchSecurity.com recommends “Check for Web server vulnerabilities no less than monthly; update your Web server security policy annually or each time you upgrade or patch.” OK, that is a pretty safe statement. I am not sure that I completely buy it, but it’s safe. She then adds “Web servers are your organization’s public face and provide an easy way into your network. All Web servers have associated security issues, some more than others.” Now that I buy, very true.

But then things go downhill quickly. “Many Web servers come with sample Common Gateway Interface (CGI) programs installed by default, like ColdFusion, which can be used to execute malicious commands.” Whoa, slow down there. ColdFusion installed by default? On many Web servers? Default, as in it may be lurking and doing damage without you even being aware of it? And CGI? And even if it were true, what does a program being implemented via CGI (as opposed to a server API) have to do with it?

The sad thing is that some of Ms. Bard’s comments and suggestions are valid and legitimate, but the message gets lost amidst the generalities and inaccuracies. The article is at http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1013416,00.html.