Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Twitter has fixed a caching issue that could have exposed developers' API keys and tokens. Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs.
Source: https://threatpost.com/five-must-secure-web-app-vulnerabilities-042909/72641/

