on those systems would also have been limited. The reach of these applications to a medium like
the Internet was unimaginable. Access control, strong passwords, logging of critical events,
and encryption were not key considerations while developing these applications, and the lack
of these security measures has made them vulnerable in the Internet world today.
Organizations also find it hard to replace these applications or disturb them in any way, as they
are extremely critical to the functioning of the organization, and any experimentation on them
can be potentially disastrous.
3.4.6 Business Case Issues
When applications are taken into consideration, most organizations emphasize the functionality
of the application. This is quite understandable, because the functionality of the application is its
fundamental aspect. Functional flaws or bugs in the application result in the application becoming
unusable for its primary purpose and objectives. Functionality also weighs heavily on management,
which will pull out all the stops to correct, or to prevent, any discrepancy in the functionality of
an application. Budgetary approvals and manpower requests are easily granted once functionality is
the question. This is because functionality is a matter of business need and requirement, which
takes pride of place while a business case is being developed for an application. Web application
security tends to be a little different.
Security is not something that management sees as a showstopper. Security is an attribute that
does not hinder the working of the application, and it is (incorrectly) perceived as adding no extra
value when present. Management finds it hard to grasp why an application that works perfectly
well, functionally, needs additional effort and expenditure to incorporate security. Web applications
all over the world suffer from this phenomenon, where management does not perceive the benefits
of Web application security until a breach occurs, after which it is forced to consider incorporating
security into the application. At this stage, incorporating security, or fixing security bugs, becomes
a tedious and expensive affair, and a lot more time and energy is expended trying to fit security
into the already built application structure than would have been needed to design it in from the start.
It must be noted that although security is not traditionally a revenue-generating activity, the
lack of security can result in serious financial and reputational erosion. An organization can gain
a considerable advantage over its competitors if security is its forte: organizations looking for a
partner prefer one with a robust security practice, so security becomes a source of added value
rather than a cost alone.
3.5 Summary
In this chapter, we explored the evolution of Web applications and briefly glanced at Java's
popularity as the Web application development environment of choice. Organizational information
security practices were explored in brief, and the concept of defense-in-depth was exemplified
with the use of those practices. The need for Web application security was discussed, and the
reasons behind that need were explored. The key challenges of Web application security faced by
organizations and individuals were discussed in detail. We also delved into why Web application
security differs from network or host security. The organizational impetus toward Web application
security that has resulted from several Web application security incidents was also discussed in
detail.