Chapter 26. Web Applications and Security

By Steve Steffen and Jeff Marin

IN THIS CHAPTER

• Overview of Security Issues for Web Applications

• Trends That Are Affecting Security

• Areas of Vulnerability

• Attacks

• Technologies to Address Security Risks

• Best Practices to Address Security Risks

Every day, computers around the world are hacked into and used for malicious purposes. Living in a media-driven society, we expect to hear reports of these incidents on the news and read about them in newspapers. However, these events are rarely reported due to embarrassment and damage to the reputation of the company or government agency that these computers are under the control of. Therefore, it's up to us in the software development food chain to proactively research and stay current on trends in security and security break-ins.

In addition to risks involved with closed systems, Web applications running on a private intranet or the public Internet are dependent on the underlying security of the hardware and software they're executing on. This chapter discusses the security risks that our Web application–dependent hardware and software are exposed to. It discusses current trends in security, such as the proliferation of viruses and the difficulties in securing complex IT infrastructures and applications. The chapter finishes with a list of practical ways to prevent your Web applications and their dependent hardware and software from being subverted from their intended usage.