Recently I attended a Website Security breakfast event organized by WhiteHat. Security expert Bill Penington talked about the lifecycle of a vulnerability. Another security expert, Jeremiah Grossman, shared some interesting statistics about vulnerabilities in web applications. The event was packed with takeaways, and I also met several interesting security professionals.

Here are some salient points about website (or web application) security:

1. The web was not designed to be secure from the ground up.

2. The underlying platforms (operating systems, databases, applications) are insecure.

3. Web programming languages are immature.

4. Protection mechanisms are absent by default; security has to be added deliberately.

5. Browsers are riddled with security holes.

6. Web programmers and users make mistakes.

7. Web applications change frequently, i.e. they have short release cycles.

8. Business logic vulnerabilities are hard to detect: the abusive request is syntactically valid and is only wrong in the context of what the application should allow.
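To make the last point concrete, here is an added example (my own code, not from the talk or from WhiteHat) of a business logic flaw next to its hardened form. A checkout routine trusts the price and quantity sent by the client, so a negative quantity or a client-chosen price produces a refund or a near-free order even though every value is well-formed and an injection scanner would find nothing. The catalogue, coupon table and SKU names are constructed for this example.

```python
"""Added example: a business logic flaw that syntax-oriented scanners miss.

The vulnerable checkout trusts the price and quantity the client submits;
the hardened version looks prices up server-side, validates quantities and
makes coupons single-use. All data here is constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed catalogue and coupon table (assumptions for this example).
CATALOGUE = {"sku-100": 4999, "sku-200": 1500}  # prices in cents
COUPONS = {"SAVE10": 1000}                        # flat discount in cents


class OrderError(ValueError):
    """Raised by the hardened checkout when an order violates business rules."""


def vulnerable_total(items, coupon=None):
    """Before: trusts price and quantity straight from the request body.

    Every value is a plain integer or a short string, so no SQL, no script
    tags and nothing for an injection scanner to flag, yet the arithmetic
    can be driven negative or the price set by the client.
    """
    total = 0
    for item in items:
        total += item["price"] * item["quantity"]
    if coupon in COUPONS:
        total -= COUPONS[coupon]
    return total


@dataclass
class Checkout:
    """After: server-side prices, validated quantities, single-use coupons."""
    redeemed: set = field(default_factory=set)

    def total(self, items, coupon=None):
        total = 0
        for item in items:
            sku = item.get("sku")
            if sku not in CATALOGUE:
                raise OrderError(f"unknown sku {sku!r}")
            qty = item.get("quantity")
            # bool is an int subclass, so exclude it explicitly; bound the
            # quantity to a sane range instead of only rejecting negatives.
            if (not isinstance(qty, int) or isinstance(qty, bool)
                    or qty < 1 or qty > 100):
                raise OrderError(f"invalid quantity for {sku}: {qty!r}")
            total += CATALOGUE[sku] * qty
        if coupon is not None:
            if coupon not in COUPONS:
                raise OrderError("unknown coupon")
            if coupon in self.redeemed:
                raise OrderError("coupon already redeemed")
            # A discount never drives the total below zero.
            total = max(0, total - COUPONS[coupon])
            self.redeemed.add(coupon)
        return total


def rejects(checkout, items, coupon=None):
    """Return True if the hardened checkout refuses the order."""
    try:
        checkout.total(items, coupon)
    except OrderError:
        return True
    return False


if __name__ == "__main__":
    # Negative quantity: the vulnerable path issues a refund.
    print(vulnerable_total([{"price": 4999, "quantity": -1}]))
    # Same request against the hardened path is refused.
    print(rejects(Checkout(), [{"sku": "sku-100", "quantity": -1}]))
```

Note that a scanner looking for malformed input would pass both versions: the difference is entirely in which well-formed requests the server is willing to honour, which is why this class of flaw needs a reviewer who understands what the application is supposed to do.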