so valuable to them. Over the past few years, the world has witnessed the alarming rise in Web
application attack incidents, which seems to be unabated.
3.2.2.2 Web Application Development Diversity
The Web application development task today is not as complicated as it was previously. Web
application developers do not have to know or deal with the intricacies of internetworking,
TCP/IP, or RMI to create a Web application. There are several platforms on which Web
applications can be created. Java, ASP.NET, and PHP are a few of the prominent Web development
and runtime platforms. Each of these platforms provides server- and client-side technologies
that are also used for Web application development. The server-side and client-side technologies
of the Web development platforms are also used for the development of interactive and rich Web
applications.
Over the years these platforms and technologies have become increasingly simple and
developer friendly. New frameworks and custom libraries available for all these platforms have ensured
that any developer can quickly develop and deploy a Web application. Due to severe time and
resource constraints in organizations, rarely is fresh code written to develop Web applications.
Frameworks and custom libraries are used to simplify and provide a foundation for Web
application development. As we have seen with many other things, speed seldom results in security;
although these frameworks and libraries are extremely handy in the development and deployment
of functional aspects of Web applications, they sometimes are inherently flawed with respect to
security.
The other possible security issue would stem from the fact that the developers are using
third-party or industry frameworks and other components in conjunction with custom code for the
development of Web applications. Developers need to develop and also secure these diverse
elements as part of developing a secure Web application. Development using this multitude of
frameworks and a combination of existing code and third-party components and libraries can result in a
great complexity in the code. The use of these components and their behavior with the others can
result in unintended consequences.
3.2.2.3 Cost Savings
Many people believe that securing a Web application is an expensive affair. Web application
security involves several cost factors such as the cost of secure development, secure coding practices,
and code reviews for security; application vulnerability assessments are apparently quite expensive
and time consuming. This is, in fact, far from the truth. There have been several examples in the
enterprise scenario that have proven the fact that developing a secure application from the ground
up is less expensive than fixing the same after deployment.
Let us now consider the costs of a breach. First, one of the greatest costs of a security breach
would be the cost associated with loss of reputation when an organization fails to secure its data
and finds itself in the quagmire of a breach. When sites containing the McAfee HackerSafe
certification were hacked, the reputation of HackerSafe was damaged. Figure 3.3 is a screenshot
of a popular Internet site containing details of the McAfee HackerSafe sites being hacked. The
University of California-Berkeley was involved in an incident recently in which the identities
of over 160,000 students were disclosed in an attack on the university's health record database.