
Chapter 6 Application and Web Security


As we have explored in earlier chapters, security applies to all the components of a system: physical infrastructure such as buildings, electricity supply and cabling; hardware; networks; software; tools and utilities; and human beings, including the organization's own staff and the contractors and suppliers who may work from within the organization or outside it. Any part of this chain of components can be ignored from a security perspective only at the organization's peril.

Infrastructure is protected through physical security, including fences. Hardware is protected through logical access control systems (smart card based, biometric based, or similar mechanisms) or by physically securing the equipment, for example a laptop locked to the desk with a locking cable. Physical infrastructure and hardware are relatively easy to secure, even though they have their own challenges, such as securing laptops during travel.

However, ensuring the security of software (including operating systems, applications, tools and utilities) and of networks is the most difficult, because of the many ways in which things can go wrong. Some of the typical vulnerabilities they are exposed to are misconfiguration, unvalidated inputs, defects in coding, man-in-the-middle attacks, man-in-the-browser attacks, session hijacking, weak encryption keys, weak or default passwords, weak authentication mechanisms, SQL injection, and buffer overflows.
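Two of the vulnerabilities listed above, unvalidated input and SQL injection, are closely related: the injection succeeds precisely because user input is passed unchecked into a query and interpreted as SQL. The following is an added example, not code from the book, showing a vulnerable login check next to a hardened one. It uses an in-memory SQLite database with constructed sample rows; the table layout, user names and the `' OR '1'='1` payload are illustrative assumptions.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the book).
# Passwords are stored in plain text here only to keep the example short;
# a real application stores salted password hashes.
USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
    ("carol", "s3cret-carol"),
]

# Allowlist for user names: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def is_valid_username(username):
    """Input validation: reject anything outside the allowlist pattern."""
    return bool(USERNAME_RE.match(username))


def login_vulnerable(conn, username, password):
    """Unvalidated input concatenated straight into SQL: the injection defect.

    With username = "' OR '1'='1" the WHERE clause becomes
        username = '' OR '1'='1' AND password = '' OR '1'='1'
    which is true for every row, so every account is returned.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Hardened version: validate input, then bind it as a query parameter.

    The database driver sends the values separately from the SQL text, so
    they can never change the structure of the statement.
    """
    if not is_valid_username(username):
        return []
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Run both versions with a genuine login and with the injection payload."""
    conn = make_db()
    payload = "' OR '1'='1"
    results = {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cret-alice"),
        "vulnerable_injected": login_vulnerable(conn, payload, payload),
        "safe_normal": login_safe(conn, "alice", "s3cret-alice"),
        "safe_injected": login_safe(conn, payload, payload),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block shows the vulnerable function returning all three accounts for the payload while the hardened one returns nothing. Parameterised queries are the fix for injection; the allowlist check is a second, independent layer that rejects malformed input before it reaches any interpreter, which is the general principle behind "validate inputs" in the list above.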

Increased use of software and web-based applications over the internet has increased the exposure to these kinds of attacks. Hence, securing them effectively should be the focus of all designers and developers of such systems. People may believe that "if something has to go wrong, it will go wrong." That may be so. But failing to act on possible issues because something can go wrong is akin to a king inviting the enemy in with a red carpet without even fighting the battle, which can only cost the king dearly. However, if we look at history and the data from it, it is very clear that we are far behind in the race against attacks on software applications and web applications. We have yet to wake up and catch up with best practices in application development and infrastructure setup, so that we have a fairly good chance of winning the race, or at least putting up the best possible fight.
