The following document is intended as a guideline for developing secure web-based applications. It is not about how to configure firewalls, intrusion detection, DMZ or how to resist DDoS attacks. This is a task best addressed at system and network level. However, there is little material available today intended for developers. We have entered the dotcom age in which a web site is no longer an isolated site, but an extension of the internal business systems, yet there isn’t much about how to create this extension securely.
Traditionally, developers have worked on systems for environments where malicious intents were not a real threat: internal systems, software for home use, intranets. There may have been occasional exceptions, sometimes with embarrassing outcomes, but they could be dealt with at HR level and the example prevented others from attempting it again. An isolated (read: not linked with internal systems) web site is not far from the same scenario: the security was treated mostly at the system level by installing the necessary OS and web server fixes and applying correct settings and permissions. If a breach occurred, the system was taken offline, rebuilt better and the site put up again. Everything at a system administration level.
However, as the Internet becomes more and more commercial (after all, this is where the .com comes from), a web site becomes more and more an application. Thus, the team has more and more developers, skilled in web and traditional development. However, few resources for them focus enough on security to make them aware about what’s out there on the Internet. We often read that “this web site is secure because it uses 128-bit encryption”. Most often, programming books will have a single chapter on security, compressing SSL, signatures, permissions, cookies and other topics in 20 pages. Little if anything is said about how to think maliciously about your own code, trying to find out if it has a vulnerability. Little if anything is said about how to do security-focused code reviews.
Download pdf Best Practices for Secure Web Development
Related Searches: system administration level, internal business systems, occasional exceptions, intrusion detection, correct settings
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- Vodafone Mobile Connect for xp 64 bit - Honda CBR 600 F2 Specifications - ?????? ?? volvo fh12 - vauxhall vectra c repair manual torrent - dynamics plug ins for maya - rapidshare numerical analysis method - computers internet blog - free Workshop Manual - free ebook programming - renault clio service manual - user manual opel omega a - free SAP MATERIAL MANAGEMENT PPT - GTA III visual walkthrough - reparaturanleitung honda eu10i - rapidshare c# net numerical methods - canon pixma ip 1700 download - wordpress blogs - wordpress blogs - Volvo Penta (09 2009) torrent - samsung a707 manuel - samsung a707 manuel - samsung a707 manuel - HVAC rapidshare com/ - samsung a707 manuel - samsung a707 manuel - file type:pdf(steps for creating client /server programming) - file type:pdf(steps for creating client /server programming) - Autodesk Inventor pdf Ebook Cz Download - file type:pdf(steps for creating client /server programming) - c# mobile codeMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- HOW-TO use Microsoft Access databases from within OpenOffice.org 1.1
- AutoCAD 2007 Familiarity Breeds Exhilaration
- Seaflash 150 Digital Canon Nikon User Manual
- Honda Outboard Motor BF9.9A/15A Owners Manual PDF
- Low-Cost Wi-Fi VoIP Phone CS-110403-PBP1
- Google Desktop Query API Developer Guide
- Audi TT Service Manual 2000-2006
- GT 050Q Quick Guide
- Bluetooth Virtual Keyboard For Pocket PC 2003 User Guide
- motorola razr v3 user manual
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
RSS feed for comments on this post · TrackBack URI
Leave a reply