Web Application Security "Six Elements" (1)

Web applications are more difficult to secure than client applications because they are not like Web servers with four or five major vendors, it has a number of Web applications and custom scripts, and each can contain potential vulnerabilities. For developers, the best way to ensure application security is to use recommended security measures and software that can scan code, and to alert users to potential security issues. Administrators need to periodically scan vulnerabilities in their Web sites. The security of an application is primarily controlled by the application's developers. Administrators can tighten the security of some applications, but it is impossible to secure them if the application itself is insecure. Writing secure applications is difficult because all aspects of the application, such as the graphical user interface, network connectivity, operating system interaction, and the management of sensitive data, require a great deal of security knowledge to ensure their security. Most programmers do not have this knowledge or consider the importance of application security to measure additional work. But from a manager's point of view, there are some security issues to keep in mind: Run Permissions Permissions Application Management application update and operating system integrated security Remote Administration Security session security Essentials One: Run Rights Management administrators should set the application's low privileges as much as possible. This protects against multiple computer threats: If an application is exploited by an attacker, they will have the privileges of the application. If the permission is low enough, the attacker will not be able to attack further. Low privileges Protect your computer from embedded Trojans (in applications) because you have fewer permissions when dealing with Trojans. When an application has lower permissions, users will not be able to save the data in the sensitive area (such as the operating system area) or even access core resources. When developing applications, programmers often make assumptions in order to save development time. Some of these assumptions require administrative privileges to access. This reduces programming time, but it lowers the administrator's ability to protect system security. When normal users are granted administrative privileges, they can delete or access the surrounding configuration, threatening security. When you install a program, because the installer may need access to a sensitive operating system directory, it usually requires higher privileges, even administrative permissions. It is best to install the application on a test computer that is similarly configured. This way, you can see if there is a problem before you install it on a regular computer. If your application does not require administrator privileges for obvious reasons, or if you do not trust the application, you can run it in a sandbox. A sandbox is a secure application that blocks system calls to a running application, ensuring that the application will only be able to access resources that are allowed by the administrator. The sandbox can restrict access to the registry, the directory of operating system data, and the network. Isolate applications from sensitive OS zones and other user-defined sensitive data domains. 1 2 3 4 5 Next >> View full-text navigation page 1th: Run Rights Management page 2nd: Application Management page 3rd: Application update 4th page: Security Integration with operating system 5th page: Remote Management Security Original: Web Application Security "Six Elements" (1) Return to network security home