Security 101

Why Build Secure Applications?

Everybody's heard that the world would be a wonderful place if we could all get along and just trust one another. Unfortunately, this is not possible. If you're a businessperson, imagine relying on trust to "protect" information you want to keep private, such as commercially sensitive product designs or a five-year business plan. If you work in the medical field, imagine relying on trust to keep patient records from being tampered with. And now imagine the disaster caused by a hacker altering a hospital's data to indicate that a patient has an illness that requires a high dose of a restricted drug.

Like it or not, trust can be a dangerous proposition. Furthermore, leaving aside extreme examples for the moment, any successful attack on your organization's information or Web presence will lead to a loss of confidence in your organization. Hence, you have little choice but to secure your applications from malicious use or damage.

The Internet is a different place than it was ten years ago—it's a much more perilous realm for the incautious. Just try putting a new Web site with an interesting Domain Name System (DNS) name on the Net and waiting a few hours. You'll see what we mean as your server is probed and then possibly attacked by unidentified assailants. Long gone are the days of security through obscurity, or "if we don't tell them it's there, they'll never find it!" It simply doesn't work. In fact, the need for Internet security knowledge has never been greater.