Wednesday, February 10, 2010   


Site testing Net security clicks with US expert

Doug Crets

Monday, May 29, 2006

An Internet site that offers services to test the transparency of Hong Kong Web applications security has earned a top ranking in a popular list of the 100 best security sites.

The Open Web Application Security Project, or OWASP, run by local Internet security analysts, is ranked by Uribe 100, run by former United States Department of Justice employee Felix Uribe, as one of the 100 best sites for information on how to protect networks.

The site offers a program called The Top Ten Vulnerabilities, which shows companies using Internet applications how to protect their business from security threats.

"OWASP was selected because of their contribution to Web security," Uribe said in an e-mail interview. "Much of the news out there is always on [operating systems], but they set aside the applications and especially Web applications," Uribe said.

One of the contributors to the project said it confirmed that transparency in Web protection is becoming a trend.

"It's very good. It's a recognition of what OWASP is trying to promote," said James Tsao Kin-wai, co-founder and chief technology officer of Interbiztech Solutions, a consulting and security company in Hong Kong.

Tsao said he has been hearing that companies are turning to the OWASP site as part of their applications testing.

At a recent tech forum, he learned that a major credit card company uses the OWASP Top Ten Vulnerabilities program as a testing requirement for its partners.

"Visa has to comply with a whole set of standards. We found out that OWASP's Top Ten Vulnerabilities is part of the compliance tests for Visa service providers," Tsao said.

Computer companies and security experts say the new target for hackers is Web applications, or software run through a central network server on individual machines in offices.

Sometimes these servers are vulnerable to attack, either through human error - failure to create tough passwords - or through the utilization of improperly coded programs, which open up ports into individual computers attached to the Internet.

This can produce anything from a security breach to a denial-of-service attack. In a D-O-S attack, information requests to a network server become so high in number that they eventually shut down the server.

Security professionals feel that being transparent about security issues benefits companies, which should be testing their own systems regularly.

Uribe said making security vulnerabilities publicly available creates efficiency in dealing with threats.

"I decided to publish the list on the Internet because I believe that this information would benefit a lot of IT security professionals in the world," Uribe said.

Web surfers can visit the 100 list at www.uribe100.com.


© 2010 The Standard, The Standard Newspapers Publishing Ltd.