Introduction to Web Security and Rational AppScan
Based on an analysis of the current state of Web applications, this paper illustrates the challenges Web applications face by enumerating common attack methods, and introduces the Rational AppScan platform to help enterprises build a Web application security solution that puts armor on their Web applications. The first section introduces the basics of Web security and Rational AppScan. The second section describes how to use Rational AppScan to respond to Web application attacks.
Objective
In today's world, the Internet has become a very important foundation platform, and many enterprises deploy their applications on it to provide customers with more convenient and efficient services. These applications are constantly improving in functionality and performance, but security, which is just as important, does not receive enough attention. As network technology has matured, hackers have shifted their attention from attacks on Web servers to attacks on Web-based applications. According to Gartner's latest survey, 75% of information security attacks occur on Web applications, not at the network level. At the same time, the data also shows that two-thirds of Web sites are quite vulnerable. However, the reality is that the vast majority of enterprises spend a large amount on network and server security while leaving the security of the Web application itself, in the true sense, unaddressed and open for hackers to exploit.
Web Application Status
Basic concepts of Web applications
Before discussing Web application security, let's briefly introduce the Web application basics, which makes it easier to understand why Web applications are so vulnerable.
1. What is a Web application
Web applications are composed of dynamic scripts, compiled code, and so on. They are typically hosted on a Web server; users send requests from a Web browser, using the HTTP protocol, to Web applications on the Internet or the enterprise network, and the Web application communicates with the enterprise's backend databases and other dynamic content to produce the response.
2. The Web application architecture
Although different organizations build their Web environments in different ways, a typical Web application follows a standard three-tier architecture model, as shown in Figure 1.
Figure 1: A Web application is typically a standard three-tier architecture model
In this most common model, the client is the first tier; the part built with dynamic Web content technology is the middle tier; and the database is the third tier. Users send requests through a Web browser to the middle tier, the middle tier converts the user's request into a query or update of the backend data, and the final results are presented to the user in the browser.
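To make the three-tier flow concrete, here is an added example (not code from the article or from Rational AppScan) of a minimal middle tier: it parses an HTTP request line from the client tier, validates the parameter it carries, and turns it into a parameterized query against a backend database (an in-memory SQLite table constructed here with sample rows). The request format, the `/products` path, the `name` parameter and the product data are all assumptions made for the example. The point it shows is that the middle tier is the place where untrusted client input becomes a database operation, so that boundary is where the query must be built safely.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs


def build_database():
    """Third tier: a constructed in-memory database with sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("widget", 9.99), ("gadget", 19.5), ("gizmo", 5.0)],  # constructed data
    )
    conn.commit()
    return conn


def parse_request(raw):
    """Client tier input: split the HTTP request line into method, path and query."""
    request_line = raw.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ")  # ValueError if malformed
    url = urlparse(target)
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    return method, url.path, params


def handle_request(conn, raw):
    """Middle tier: validate the request and convert it into a backend query.

    Returns (status_code, rows); rows is a list of dicts for the browser to render.
    """
    try:
        method, path, params = parse_request(raw)
    except ValueError:
        return 400, []
    if method != "GET" or path != "/products":
        return 404, []
    name = params.get("name", "")
    if len(name) > 50:  # input validation at the trust boundary
        return 400, []
    # Parameterized query: the client-supplied value is bound as data, never
    # spliced into the SQL text, so it cannot change the query structure.
    rows = conn.execute(
        "SELECT id, name, price FROM products WHERE name LIKE ?",
        (f"%{name}%",),
    ).fetchall()
    return 200, [{"id": r[0], "name": r[1], "price": r[2]} for r in rows]


if __name__ == "__main__":
    db = build_database()
    print(handle_request(db, "GET /products?name=wid HTTP/1.1\r\nHost: example\r\n\r\n"))
    print(handle_request(db, "POST /products HTTP/1.1\r\nHost: example\r\n\r\n"))
```

Because the value is bound as a parameter, a `name` that contains quote characters or SQL keywords is matched literally and simply returns no rows; the middle tier never hands the database a query it did not write itself.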