Chapter 5
Insights into Web Application Security Risk
This chapter will focus on the foundations of building a secure Web application. The very foundation for any security implementation is an understanding of risk. We will revisit some of the critical concepts that constitute the elements of risk and gain a deeper insight specifically into threats, vulnerabilities, and controls that are specific to Web applications. This chapter also aims at introducing important aspects of security compliance and their imprint on Web application security. The practice of risk assessment and its importance in building a secure Web application will be elaborated in this chapter.
5.1 The Need for Web Application Security Risk Management
We explored the importance of risk in Chapter 2. As we have already discussed, risk is the impact of a threat exploiting a given vulnerability and the probability of its occurrence. Again, security is always, without exception, based on risk. Without risk, there would be no need for security and the thought of security would never arise. Therefore, understanding risk is one of the most important aspects of building a security program. For instance, suppose an organization believes that its most important asset is its list of customers, which exists as a spreadsheet. If the organization does not bother understanding the threats to the information (namely, the customer list) and the vulnerabilities that would allow the customer list to be stolen, altered, or destroyed, then the organization would not know where to start in developing a protection strategy for the customer list. Being completely unaware of the threats, the vulnerabilities, the impact of a threat exploiting a given vulnerability, and the probability of that occurring, the organization would not be able to implement the right protection strategy for the customer information, or would not be able to implement one at all. Thus, risk management becomes an important aspect of Web application security.
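The customer-list scenario above can be worked through as a small risk register. The following is an added example, not code from the book: it records threat/vulnerability pairs against the asset, scores each as impact multiplied by likelihood on a 1-to-5 scale (a common qualitative convention, assumed here rather than prescribed by the chapter), and ranks them so that the protection strategy starts with the highest-scoring pair. The entries and their ratings are constructed for illustration.

```python
from dataclasses import dataclass

SCALE_MIN, SCALE_MAX = 1, 5  # assumed qualitative 1..5 scale for impact and likelihood


@dataclass(frozen=True)
class RiskEntry:
    """One row of a risk register: a threat exploiting a vulnerability in an asset."""
    asset: str
    threat: str
    vulnerability: str
    impact: int       # consequence if the threat succeeds (1 = negligible, 5 = severe)
    likelihood: int   # probability of occurrence (1 = rare, 5 = almost certain)

    @property
    def score(self) -> int:
        # Risk = impact of the threat exploiting the vulnerability x probability of it happening
        return self.impact * self.likelihood


def validate(entry: RiskEntry) -> RiskEntry:
    """Reject ratings outside the agreed scale so the register stays comparable."""
    for name, value in (("impact", entry.impact), ("likelihood", entry.likelihood)):
        if not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"{name}={value} for '{entry.threat}' is outside {SCALE_MIN}..{SCALE_MAX}")
    return entry


def rank_risks(entries: list[RiskEntry]) -> list[RiskEntry]:
    """Highest risk first; ties broken by impact so severe outcomes surface earlier."""
    return sorted((validate(e) for e in entries), key=lambda e: (e.score, e.impact), reverse=True)


def risks_at_or_above(entries: list[RiskEntry], threshold: int) -> list[RiskEntry]:
    """The subset that exceeds the organisation's tolerance and therefore needs a control."""
    return [e for e in rank_risks(entries) if e.score >= threshold]


# Constructed register for the chapter's example asset: a customer list kept as a spreadsheet.
CUSTOMER_LIST_RISKS = [
    RiskEntry("customer list", "external attacker", "spreadsheet on a share with no authentication", 5, 4),
    RiskEntry("customer list", "malicious insider", "no access logging on the file", 4, 3),
    RiskEntry("customer list", "disk failure", "no backup copy of the spreadsheet", 5, 2),
    RiskEntry("customer list", "shoulder surfing", "spreadsheet left open on an unlocked screen", 2, 2),
]


def protection_priorities(entries: list[RiskEntry] = CUSTOMER_LIST_RISKS, tolerance: int = 12) -> list[str]:
    """Vulnerabilities to address first, in order, for every risk above tolerance."""
    return [e.vulnerability for e in risks_at_or_above(entries, tolerance)]


if __name__ == "__main__":
    for entry in rank_risks(CUSTOMER_LIST_RISKS):
        print(f"{entry.score:>2}  {entry.threat:<20} via {entry.vulnerability}")
    print("address first:", protection_priorities())
```

The tolerance threshold is where an organisation's risk appetite enters: anything scoring at or above it gets a control (authentication on the share, logging, backups), anything below is consciously accepted. Without the register, the organisation is in exactly the position the chapter describes, unable to say where protection should start.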