The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Improving Web Application Security: Threats and Countermeasures

Posted by Xavier Ashe on November 15, 2005

This guide helps you build hack-resilient applications. A
hack-resilient application is one that reduces the likelihood of a
successful attack and mitigates the extent of damage if an attack
occurs. A hack-resilient application resides on a secure host (server)
in a secure network and is developed using secure design and
development guidelines.

Web application security must be
addressed across the tiers and at multiple layers. A weakness in any
tier or layer makes your application vulnerable to attack. Figure 1
shows the scope of the guide and the three-layered approach that it
uses: securing the network, securing the host, and securing the
application. It also shows the process called threat modeling,
which provides a structure and rationale for the security process and
allows you to evaluate security threats and identify appropriate
countermeasures. If you do not know your threats, how can you secure
your system?

Download Improving Web Application Security from the Download Center in .pdf format or read the paper in HTML at the Architecture Resource Center.

