"If the hacker can construct application code that can query this information, it's better than trying to hack it out of a back-end server that's been patched," says Grant Bourzikas, senior manager of information security and business continuity at Scottrade.
The online brokerage last year decided to protect itself against a variety of attacks designed to fool Web applications into disclosing information, including buffer overflows, SQL injections, and cross-site scripting. Scottrade placed its Web-based trading systems behind an Imperva SecureSphere Web Application Firewall, which is designed to reinforce the company's application security policies that specify the amount and type of data that can be input into any field. "To be a solid security organization, you have to look at all layers of protection," Bourzikas says.
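The field-level policy described above (a fixed limit on the amount and type of data each input may carry, enforced in front of the application) is a positive security model: anything outside the allowlist is rejected without needing a signature for the specific attack. The following is an added illustration of that idea, not Imperva's or Scottrade's code; the form fields, limits and sample requests are constructed for a hypothetical order-entry page.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FieldPolicy:
    max_len: int   # "amount" of data the field may carry
    pattern: str   # "type" of data, as an anchored regex of allowed content


# Constructed policy for a hypothetical order-entry form (illustrative only).
ORDER_FORM_POLICY = {
    "symbol": FieldPolicy(max_len=5, pattern=r"[A-Z]{1,5}"),
    "quantity": FieldPolicy(max_len=6, pattern=r"[1-9][0-9]{0,5}"),
    "account": FieldPolicy(max_len=8, pattern=r"[0-9]{8}"),
}


def check_request(fields, policy):
    """Return a list of (field, reason) violations; an empty list means allowed.

    Length is checked before content so an oversized value is refused cheaply,
    and fields the policy does not know about are refused outright.
    """
    violations = []
    for name, value in fields.items():
        rule = policy.get(name)
        if rule is None:
            violations.append((name, "unexpected field"))
            continue
        if len(value) > rule.max_len:
            violations.append((name, f"length {len(value)} exceeds {rule.max_len}"))
            continue
        if re.fullmatch(rule.pattern, value) is None:
            violations.append((name, "content does not match allowed type"))
    for name in policy:
        if name not in fields:
            violations.append((name, "missing required field"))
    return violations


if __name__ == "__main__":
    good = {"symbol": "AAPL", "quantity": "100", "account": "12345678"}
    bad = {"symbol": "AAP'-", "quantity": "1000000", "account": "12345678", "note": "x"}
    print(check_request(good, ORDER_FORM_POLICY))  # []
    for field, reason in check_request(bad, ORDER_FORM_POLICY):
        print(f"blocked {field}: {reason}")
```

Note that the quote-bearing symbol is blocked because it is not uppercase letters, not because any injection pattern was recognised; the policy only has to describe legitimate input.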