5 Threats That Make Your Website Vulnerable, Part 3: Writing Secure Websites Is Hard Work!

 

"Web application security is at its worst: we almost always find flaws, this shows that developers did not take security aspects into account. And this may come from world class software companies." (HSC)
"For far too many development professionals, Web application security only consists of producing applications that are functional and stable, not building hacker protection into the code or checking for SQL injection vulnerabilities." (SPI Dynamics)


Web protocols are not secure by default, but web application developers could strongly raise the security bar with good coding principles. As M. Andrews and J. Whittaker put it in their Guide to Web Application Security: "If developers only validated their inputs to what they are expecting to be given, rather than attempting to filter for malicious inputs (if at all), then 80-90% of web application vulnerabilities would go away. SQL Injection -- gone, XSS -- gone, parameter tampering -- gone."
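As an added illustration of the "validate to what you expect" principle quoted above (example code written for this page, not from the article's author or from Binarysec), the Python below contrasts a denylist filter, which strips tokens it recognises as bad, with allowlist validators that accept only the shape each field is expected to have, and then binds the validated value as a query parameter. The field names, the regular expressions, the quantity range and the sample rows are all constructed for the example.

```python
import re
import sqlite3

# --- The "filter for malicious inputs" approach (denylist) -------------------
# Constructed list of a few tokens a naive filter might strip. Any such list is
# necessarily incomplete, and stripping also mangles legitimate data.
DENYLIST_TOKENS = ("'", "--", ";", "<script")


def denylist_filter(value: str) -> str:
    """Strip known-bad tokens from the input. Shown only as the weak approach."""
    cleaned = value
    for token in DENYLIST_TOKENS:
        cleaned = cleaned.replace(token, "")
    return cleaned


# --- The "validate to what you expect" approach (allowlist) ------------------
# Each field gets a positive definition of acceptable input (constructed here);
# anything else is rejected outright instead of being "cleaned".
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
QUANTITY_RE = re.compile(r"[0-9]{1,3}")
QUANTITY_MIN, QUANTITY_MAX = 1, 99


def validate_username(value: str) -> str:
    """Accept 3-20 letters, digits or underscores; reject anything else."""
    if USERNAME_RE.fullmatch(value) is None:
        raise ValueError("username: expected 3-20 characters from [A-Za-z0-9_]")
    return value


def validate_quantity(value: str) -> int:
    """Accept an unsigned decimal integer within the expected business range."""
    if QUANTITY_RE.fullmatch(value) is None:  # rejects signs, spaces, letters, ""
        raise ValueError("quantity: expected a decimal integer")
    quantity = int(value)
    if not QUANTITY_MIN <= quantity <= QUANTITY_MAX:
        raise ValueError(f"quantity: expected {QUANTITY_MIN}..{QUANTITY_MAX}")
    return quantity


def accepts(validator, value: str) -> bool:
    """True if the validator accepts the value, False if it raises ValueError."""
    try:
        validator(value)
        return True
    except ValueError:
        return False


# --- Parameterized query: validated input is still never spliced into SQL ----
def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (ids 1 and 2)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_user_id(conn: sqlite3.Connection, raw_username: str):
    """Validate first, then bind the value as a parameter (no string building)."""
    username = validate_username(raw_username)
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    # Denylist: damages a legitimate name and misses a trivial case variant.
    print(denylist_filter("O'Brien"))   # OBrien
    print(denylist_filter("<SCRIPT>"))  # <SCRIPT>  (filter is case-sensitive)
    # Allowlist: unexpected shapes are rejected, normal values pass.
    for sample in ("alice", "O'Brien", "<SCRIPT>", "ab"):
        verdict = "accepted" if accepts(validate_username, sample) else "rejected"
        print(f"username {sample!r}: {verdict}")
    for sample in ("5", "-1", "999", "5 "):
        verdict = "accepted" if accepts(validate_quantity, sample) else "rejected"
        print(f"quantity {sample!r}: {verdict}")
    conn = make_db()
    print(lookup_user_id(conn, "alice"))  # 1
    print(lookup_user_id(conn, "carol"))  # None
```

The point of the contrast is the failure mode, not the specific tokens: the denylist both breaks a legitimate name (O'Brien loses its apostrophe) and passes an uppercase variant it was not written for, while the allowlist rejects everything that does not match the field's definition and keeps the parameter binding as a second, independent line of defence.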

This is not so simple. M. Graff and K. van Wyk, in Secure Coding: Principles and Practices (O'Reilly, 2003), identify three sets of factors that work against secure coding. Applied to web application coding:
- Technical factors (the underlying complexity of the task itself): tens of scripts, languages (PHP, ASP, Perl, Python, JavaScript, ActiveX, SQL, ...), applications and libraries are developed in-house, inside open-source communities or by software vendors. This generates complexity and demands extensive knowledge and controls.
- Psychological and human factors (the mental models): you only see the errors you know! Error checking and testing are not the most noble parts of a programmer's job. Security holes often arise because unpredictable user (or attacker) behavior was not taken into account, or because expected inputs were never specified precisely enough.
- Real-world factors (economic and other social factors that work against security quality): web programming is easier than assembler coding, and writing a script or an HTML page does not require extensive experience or software engineering skills. Then come economic aspects: professional programmers are usually evaluated on how easily and quickly they can write new functionality, not on their ability to write secure code.
Unfortunately, from a software vendor's perspective, launching a new product on time matters more than launching a secured one!

The next part will discuss the limits of traditional tools.

Richard Touret is a manager at Binarysec, http://www.binarysec.com , a security software company that publishes an intelligent web application "softwall" (software firewall). This Apache module adapts to most web sites, learning legitimate traffic in order to block malicious requests, including SQL injection, cross-site scripting, directory traversal, forceful browsing, command injection, parameter tampering, attack obfuscation, buffer overflow, and more.

Author: Richard Touret
 
Author Bio:
Richard Touret is a notable scripter. Richard likes to pen down articles about this field.
Copyright © 2008 www.lazybrick.com