Are your Web apps safe?

By Geoff Perlman

June 1, 2011 — (Page 1 of 3)

Web applications are becoming increasingly popular, since the Web provides a convenient way to provide application functionality to just about anyone. The Web also provides significant security risks; the huge security breach of Sony’s PlayStation Network is just the latest example.

Because hackers can be anywhere and access any Web app, the possibility of damage has dramatically increased since the days prior to the Internet (or the “Cretaceous period” as some of us call it). Web developers must take extra measures to ensure their applications cannot easily be hacked.

Any computer on the Web is accessible to any other computer on the Web. This is terrifically convenient for legitimate users, but it also creates significant opportunities for hackers. The hacker can be anywhere, hopping from one proxy server to another prior to reaching your server, making it difficult to track him or her down afterwards.

How do you protect yourself and your Web app? Your first line of defense is the server upon which your Web application runs. The very fact that it’s connected to the Internet means it’s vulnerable. An Internet security expert I know told me the only way to truly secure a server is to unplug it. Since that’s not an option, you have to assume a hacker is going to get access to your server. What happens once they do?

Many Web applications are nothing more than a bunch of text files containing HTML, CSS, JavaScript or PHP. If they can gain access to your server, hackers can easily open these files... and change them. They might do something obvious such as place a graphic in the middle of one of your pages. That could be very embarrassing, but at least it would be easy to spot and fix. Or they might make a much subtler change such as changing the code. Customer credit card details, e-mails and other sensitive information could be compromised in a way not easily noticed.

Related Search Term(s): security

Pages 1 2 3

Share this link: http://sdt.bz/35599

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Department of Homeland Security lays down security suggestions Common Weakness Enumeration version 2.0 highlights flaws in software development practices

Metadata Security for SharePoint Adds Security Permissions Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid
Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan Read More...