servers are patched, ensuring complex password protection for administrative access to these servers, hardening * these servers, restricting services to those that are actually needed, and ensuring that logging is enabled and that these devices are logging critical information, along with other configuration issues. This essentially constitutes one aspect of application security. Although the secure configuration of a Web application is comparatively easy and straightforward, it is an extremely important activity. It is straightforward because several best practices, guidelines, and vendor-released standards are readily available for use; an organization that is seriously looking to protect its sensitive information from attack can therefore achieve the secure configuration of a Web application without great difficulty.
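The paragraph above lists "restricting services based on need only" and the footnoted definition of hardening (disabling unnecessary services that ship in a default configuration) as configuration tasks. The following script is an added example, written for this page and not taken from the book, of how that check is usually operationalized: compare the services actually listening on a host against an explicit allowlist of what the server is supposed to expose, including the interface each one may bind to. The allowlist (sshd, nginx, a Java application server on loopback only) and the socket listing are constructed for the example; the listing mimics the column layout of `ss -tlnp` on Linux but was not captured from a real host.

```python
"""
Audit listening TCP services on a host against an allowlist of the services
the server actually needs (the "restrict services to need only" hardening step).

Added example for this page, not code from the book. The sample output below is
CONSTRUCTED in the column layout of `ss -tlnp`; the host, ports and processes
are hypothetical.
"""
import re
import subprocess
import sys

# Constructed sample (hypothetical host). Lines 4-6 are the findings a hardening
# review should raise: an FTP daemon, a telnet daemon, and the Java app server
# exposed on all interfaces in addition to loopback.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1033,fd=6))
LISTEN  0       100     127.0.0.1:8080       0.0.0.0:*          users:(("java",pid=1204,fd=45))
LISTEN  0       128     0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=655,fd=3))
LISTEN  0       50      0.0.0.0:23           0.0.0.0:*          users:(("telnetd",pid=701,fd=3))
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*          users:(("java",pid=1204,fd=46))
"""

# Hypothetical allowlist for a Web server: port -> (expected process, permitted bind addresses).
# The Java application server must only be reachable through the reverse proxy on loopback.
ALLOWLIST = {
    22: ("sshd", {"0.0.0.0"}),
    443: ("nginx", {"0.0.0.0"}),
    8080: ("java", {"127.0.0.1"}),
}

# Matches a LISTEN row: local address, port, and the first process name in the Process column.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return a list of (bind_address, port, process) tuples from `ss -tlnp`-style text."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3)))
    return listeners


def audit(listeners, allowlist):
    """Return a list of human-readable findings; an empty list means the host matches the allowlist."""
    findings = []
    for addr, port, proc in listeners:
        if port not in allowlist:
            findings.append(f"port {port} ({proc}) bound on {addr}: not in allowlist, disable the service")
            continue
        expected_proc, allowed_addrs = allowlist[port]
        if proc != expected_proc:
            findings.append(f"port {port}: expected process {expected_proc}, found {proc}")
        if addr not in allowed_addrs:
            findings.append(f"port {port} ({proc}) bound on {addr}: expected one of {sorted(allowed_addrs)}")
    return findings


def main(argv):
    # With --live, run the real `ss -tlnp` (Linux, iproute2); otherwise use the constructed sample.
    if "--live" in argv:
        output = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    else:
        output = SAMPLE_SS_OUTPUT
    findings = audit(parse_listeners(output), ALLOWLIST)
    for f in findings:
        print("FINDING:", f)
    print("OK: listening services match the allowlist" if not findings else f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run without arguments to see the three findings on the constructed sample; `--live` runs the same audit against the current host. The useful design point is that the allowlist records the bind address as well as the port, since a service that is legitimately present but listening on every interface (the duplicate Java listener here) is as much a hardening defect as an unneeded daemon.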
The other facet of Web application security is the development side of a secure Web application. This area is very different from network and host security and from the configuration aspect of Web application security. It has gained a lot of publicity because of the large number of attacks that plague this realm, a number that is rising every day. Our aim here is to focus on the development domain of a secure Java Web application and to detail the methodology for building secure Java Web applications and testing them for security. Before we consider the challenges faced in the development of secure Web applications, it is important to understand why Web application security is necessary in the first place.
3.2.2 The Need for Web Application Security
The insecurity of Web applications is a growing concern. There have been several instances where Web applications have been compromised, resulting in substantial losses to organizations all over the world. Let us explore some of the reasons that highlight the need for Web application security today:
Ubiquity of Web applications in the enterprise scenario
Web applications—diversity in development platforms
Cost savings
Reputation and customer protection
3.2.2.1 Ubiquity of Web Applications in the Enterprise Scenario
More and more organizations all over the world are realizing the power of the Internet. The Web has enabled customers and suppliers to get closer to each other, and the management of operations for the delivery of goods and services has become a simple affair. We have already seen that the Web has graduated from a set of Web pages to complex Web applications, which can break down complex operations into very simple fragments. The popularity of Web applications in the enterprise scenario has resulted in a large quantity of sensitive data being exchanged over the Internet. Credit card information, Social Security information, tax and financial information, and health records are all exchanged extensively over the Web. While this has brought immense benefits to enterprises and entrepreneurs, it has also caused hackers and attackers to take notice of the Web as a prime attack target. Attackers have discovered that the best way to get to sensitive information is by attacking Web applications and databases, as they are closest to the data that is
* Hardening of a device or an operating system means configuring it to ensure that all unnecessary and nonsecure services, which are usually part of the default configuration of the operating system or device, are disabled. This is done to prevent the manifestation of vulnerabilities, which are inherently part of these nonsecure services.