Key factors in the problem of web application security
I'm reading the book The Web Application Hacker's Handbook and found this item, which I wanted to write about (translate a bit) because I think it is important and tends to be pushed aside. As a web developer I often worry about whether the platform is right, about usability, about how to access the database, about response times and many other things, but I often ignore the security side. Here are some of the key factors that explain why a web application today can have so little security (and no, it isn't enough to say "we use SSL").
Immature notions of security
Security concepts in the area of web applications are less mature than in areas established some time ago, such as networks and operating systems. Whereas most people working in the IT sector have a reasonable knowledge of the essentials of securing and protecting networks and servers, there is still much confusion about the key concepts involved in web application security. It is common to find web developers of medium experience for whom an explanation of the basic types of security flaws comes as a complete revelation.
In-house development
The majority of web applications are developed in-house, by the company's own team or by third parties. Even when third-party components are used, they are almost always custom made or reworked with new code. In these situations each application is different and may contain its own shortcomings. By contrast, the infrastructure of a typical organization, on which these applications are deployed, has been bought as the best of its kind and installed following established guidelines and industry standards.
Deceptive simplicity
With existing application platforms and web development tools, it is possible for a novice programmer to create powerful applications from scratch in a short period of time. But there is a difference between producing code that works and producing secure code. Many web applications are created by well-meaning individuals who simply lack the knowledge and experience to identify where a security problem can arise.
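As an added illustration of the difference between code that works and code that is secure (example code written for this post, not taken from the book), both functions below authenticate a user against a small constructed SQLite table, and both return the right answer for the credentials a developer would try by hand. The first builds its query by string formatting, so any input containing a quote becomes part of the SQL; the second binds the values as parameters. The function names (`make_db`, `login_works`, `login_safe`, `compare`) and the sample rows are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table so the example runs
    offline. Passwords are kept in clear text only to keep the example short;
    real code would store a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_works(conn, username, password):
    """Code that 'works': correct for ordinary credentials, but the values are
    pasted into the SQL text, so a quote in the input is read by the database
    as SQL rather than as data."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Same behaviour, but the query text is fixed and the values travel as
    bound parameters, so the input can never change the query's logic."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(conn, username, password):
    """Run both versions on the same input and report what each does.
    The string-built version may raise on malformed SQL, which is itself
    a symptom of the input being treated as code."""
    try:
        unsafe = login_works(conn, username, password)
    except sqlite3.OperationalError as exc:
        unsafe = "error: %s" % exc
    return unsafe, login_safe(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # Ordinary credentials: both versions agree.
    print(compare(db, "alice", "s3cret"))     # (True, True)
    print(compare(db, "alice", "wrong"))      # (False, False)
    # A legitimate name containing an apostrophe breaks the string-built query.
    print(compare(db, "o'brien", "x"))        # ('error: ...', False)
    # A tautology in the input makes the string-built WHERE clause match every
    # row; the parameterised query still sees it as a literal username.
    print(compare(db, "' OR '1'='1", "' OR '1'='1"))  # (True, False)
```

The point of the example is that the two functions are indistinguishable under the tests a hurried developer would write; only input that the developer never thought of separates working code from secure code, and parameterised queries remove that class of problem by construction.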
Rapidly changing threat profile
As a result of their relative immaturity, research into attacks on web applications and the defences associated with them is a fertile field, in which new concepts and threats are devised at a faster rate than is now the case for older technologies. A development team that begins a project with a thorough knowledge of today's threats may find that knowledge out of date by the time the application is complete and deployed.
Limitations of time and resources
Most web application development projects face severe limitations of time and resources, which push toward in-house development and faster delivery than is advisable. Usually it is not possible to involve security experts in the design or development teams, and security testing by specialists (when it is performed at all) is left until the end of the project life cycle. When priorities are weighed against a deadline, the need to produce a functional and stable implementation usually wins over the less tangible security considerations. A typical organization might be willing to pay for a few days of consulting to evaluate a new application, but a quick penetration test finds only the typical, easier-to-find vulnerabilities, while other, more subtle ones that require more time and patience to identify could be (and in fact are) overlooked.
Technologies used beyond their purpose
Many of the core technologies used in web applications came into the world when the prospects of the World Wide Web were very different, and they have since been used beyond the purpose for which they were initially designed, for example the use of JavaScript as a way of transmitting data in many AJAX-based applications. As the expectations placed on the functionality of web applications have evolved rapidly, the technologies used to implement them have fallen behind the curve, and today we see old technologies stretched and adapted to meet new requirements. It is no wonder that this leads to new vulnerabilities, with side effects we have not yet seen.
Taken from The Web Application Hacker's Handbook