Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers pur- chase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Application-level security vulnerabilities are well known, and many articles discuss ways to avoid them. Fixing a single occurrence of a vulnerability is usually easy. However, the massive number of interactions between different components of a dynamic Web site makes application-level security challenging in general. Despite numerous efforts to tighten application-level security through code review and other software engineering practices, many professionally designed Web sites still suffer from serious application-level security holes. This evidence suggests a need for higher-level tools and techniques to address the problem.
Traditionally, the task of preventing unauthorized activity at the application protocol level has been left to network firewalls. Many companies provide application-level firewalls as commercial products. Typical services provided by such firewalls include virus protection and access control. However, we are not aware of any application-level firewalls that are flexible enough to apply fine grained user-specified security policies—most will either completely allow or completely deny a particular service.
Download article Developing Secure Web Applications
Related Searches: application level security, internet security systems, traditional firewalls, network firewalls, security vulnerabilities
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- 2006 mini-cooper s car engine diagram - honda accord 96 manual free download - how to replace 2005 prius blower motor - motorcycle repair ebooks - SPSS for Windows Step by Step 16 E - SPSS for Windows Step by Step 16 E - canon ip 1980 printer free driver download - Free Microsoft Word Tutorials in PDF - free download of 93 integra automatic transmission manual - sap material management books free download - autocad totorial 2007 - f secure mobile security 5 1 with serial and key - tutorial windows mobile client socket - BMW 7 Series E38 Service Manual - 2005 honda crf 450 manual pdf - 2005 honda crf 450 manual pdf - renault-clio-Haynes-Manual PDF - Pontiac Grand Prix Manual free download - free web based eclipse users guide cd3414g - how to set timing on honda gcv160 - motorcycle manuals free - brake repair diagram - mss - tuto virtools - access 2003 for dummies pdf - xr 250 specs - nav manual 06 nissan roadster - canon printer driver canon download ip 1700 - sony vgn service torrent - méganeMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- LMS 2.0: how to Select an advanced Learning System
- F-Secure Anti-Virus for MIMEsweeper pdf
- Cisco PIX Firewall Version 6.2
- SAP MM (Material Management) Manual
- MAPSTER 2.0 Tutorial
- Nokia E70 User Guide
- AutoCAD 2007 Familiarity Breeds Exhilaration
- S510M Color Image Scanner for Macintosh Operator's Guide
- PeakPro 6 User Guide Manual
- CentOS 4 Tutorial Ebook Sample
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
RSS feed for comments on this post · TrackBack URI
Leave a reply