
9th September 2012, 01:38 PM
Registered User
Join Date: Aug 2009
Posts: 761

Why Are Web Applications a Security Risk?
http://www.esecurityplanet.com/trend...rity-risk.html
Quote:
OS Security
Web applications can be hosted on multiple types of operating systems, including Linux and Microsoft Windows. According to Kandek, both Windows and Linux have their share of security concerns.
On Linux, SELinux provides a form of mandatory access control that can lock down applications. While that can be helpful for thwarting system level attacks, SELinux might not help if all the application is trying to do is get at data, Kandek noted.
"I see SELinux as a good security infrastructure measure, and it helps a lot for people that are trying to take control of the machine that the application runs on," Kandek said.
In addition, PHP on Linux has a reputation for being an easy development language, meaning it may also be easy to write insecure code.
Older Microsoft technologies often had issues with ASP pages, Kandek said.
Sophisticated Web Attacks
From a big picture perspective, Kandek worries about the challenge of facing attacks from more sophisticated adversaries. In the fight against more advanced threats, it's imperative to take a holistic look at the attack surface and have sophisticated log analysis capabilities.
"So if you have your infrastructure hardened and your applications are well developed, then it would make sense to invest in a team that looks through the logs and tries to find patterns in there," Kandek said. "The tools are becoming available in that area, but I don't think they are easy to use yet and they require trained users."