Security issues in web-enabled applications *
Most web applications use encryption technologies, firewalls, and intrusion-detection tools to ensure application and data security. While these security measures are essential, they do not eliminate all possible security threats. As more and more business transactions are happening over the web, applications are at an increased risk of being sabotaged or data being leaked by external agents.
With penalties for data leaked over the internet becoming stricter, it is very important that companies are aware of the potential risks in the web world. Below are the common myths about web application security:
- Myth #1: Secure Sockets Layer (SSL) will secure my website
SSL does NOT make a website secure. The tiny SSL lock symbol shown in a web browser indicates only that the information sent to and from a website is encrypted in transit. Nothing more. SSL has no ability to protect the information stored on the website once it arrives. Websites using strong 128-bit SSL have been hacked with the same frequency as those that do not.
It is important to understand what the lock symbol represents in the security landscape. SSL is an encryption protocol that enables a website to prove to a user that it is what it claims to be. SSL also ensures that if someone intercepts the conversation between the user and the website, the exchange cannot be read. SSL has no bearing on the security of the website itself or on the manner in which a user's private information is safeguarded once it has been received.
- Myth #2: Firewalls protect against web application attacks
Firewalls allow web traffic to pass through to a website, but lack the ability to protect the site itself from malicious activity. Firewalls control traffic with ACLs (access control lists). Securely configured ACLs deny all traffic entering a network except a permitted set of services, such as web traffic and email. A port scan of most websites will reveal port 80 open (for HTTP traffic) and often port 443 (for HTTPS traffic). Generally speaking, all other traffic is blocked by the firewall. But once the ACL has allowed a visitor through the firewall to the website, the firewall's protections no longer apply: the ACL decides on protocol and port, not on what the visitor sends over that permitted port, so the request reaches the application unexamined.
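To make the distinction concrete, here is an added illustration (not part of the original post or any WhiteHat Security material): a simulated deny-by-default ACL that permits only the ports named above, run against constructed sample packets, next to a hypothetical application-layer validator for a single endpoint. The firewall verdict is identical for a well-formed request and one carrying input the application never expected; only the application-layer check tells them apart.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class Packet:
    """Hypothetical packet model: the fields a stateless packet filter sees."""
    proto: str
    dst_port: int
    payload: bytes  # the HTTP request; the ACL never inspects this


# Deny-by-default ACL in the style the post describes: only web and mail pass.
ACL_PERMIT = {("tcp", 80), ("tcp", 443), ("tcp", 25)}


def acl_allows(pkt: Packet) -> bool:
    """Firewall decision: based purely on protocol and destination port."""
    return (pkt.proto, pkt.dst_port) in ACL_PERMIT


def app_allows(pkt: Packet) -> bool:
    """Application-layer validation of the request the firewall let through.
    The (constructed) application accepts GET /account?id=<digits> and nothing else."""
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, _version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return False  # not even a parseable HTTP request line
    if method != "GET":
        return False
    parts = urlsplit(target)
    if parts.path != "/account":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if set(params) != {"id"} or len(params["id"]) != 1:
        return False  # unexpected or duplicated parameters are rejected
    return params["id"][0].isdigit() and len(params["id"][0]) <= 12


# Constructed sample traffic: two requests to the permitted web port, one to a blocked port.
BENIGN = Packet("tcp", 80, b"GET /account?id=42 HTTP/1.1\r\nHost: example.test\r\n\r\n")
BAD_INPUT = Packet("tcp", 80, b"GET /account?id=42abc&debug=1 HTTP/1.1\r\nHost: example.test\r\n\r\n")
SSH_ATTEMPT = Packet("tcp", 22, b"SSH-2.0-client\r\n")


def decisions(pkt: Packet) -> tuple[bool, bool]:
    """(firewall verdict, application verdict) for one packet."""
    return acl_allows(pkt), app_allows(pkt)


if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("bad input", BAD_INPUT), ("ssh", SSH_ATTEMPT)]:
        fw, app = decisions(pkt)
        print(f"{name:10s} firewall={'pass' if fw else 'block'} app={'accept' if app else 'reject'}")
```

The ACL blocks the SSH packet and passes both web requests alike; the malformed one is stopped only by the application's own allowlist on method, path and parameters.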
For more information on potential risks faced by your application security and their resolution, please contact us.
* Content courtesy of WhiteHat Security