The Importance of Security


Security should be one of the first concerns a Web developer thinks about when designing and implementing an application. In many ways, designing an application without considering security is the same as designing an application without security. It is much harder to add security to an application after the fact than it is to do so up front.

Of course, there are different levels and types of security. The type and level you need for your application will vary depending on what your application does, the type and value of data (if any) that you store, the amount of risk you are comfortable with, and the amount of time, effort, and money you are willing to expend to have a secure application. The security needs of a personal home page, for example, are very different from those of a corporate intranet site or a retail e-commerce site. Table 6-1 describes the kinds of threats that are out there and the consequences of being underprepared for them.

Table 6-1: Security Threats

| Type of Threat | Primary Target | Consequence |
| --- | --- | --- |
| Web server compromise: defacement; substituting incorrect or misleading information for valid information; unauthorized access to internal networks; installation of Trojan or Distributed Denial of Service (DDoS) code | All Web sites | This threat might be embarrassing for an individual, but can be costly to a corporation, not only in terms of repairing damages, but also in the cost to the company's reputation of having its site defaced or, worse yet, having inaccurate or misleading information posted. Compromised systems can also be used to mount DDoS attacks on other systems, a potential source of liability. |
| Denial of service | Higher-profile sites | A denial-of-service attack can prevent users from accessing your site by flooding it with illegitimate requests, among other techniques. These attacks can be difficult to prevent. |
| Data loss or compromise: data compromised through packet sniffing; server data compromised through user impersonation or data forgery | All sites transmitting and receiving sensitive data | Consequences of not addressing this threat include compromise of credit card or other sensitive data and illicit modification of server data. |

Note

A more complete discussion of this topic is available in Chapter 14 of William Stallings' Cryptography and Network Security: Principles and Practice, 2nd ed. (Prentice Hall, 1998).

Microsoft ASP.NET Programming with Microsoft Visual Basic .NET Version 2003 Step By Step
ISBN: 0735619344
Year: 2005
Pages: 126