Securing Business Apps
Rise of the White Collar Crackers
Section 4 - Conclusion
Many factors go into creating a secure application, from the obvious,
like database security, right down to the actual coding implementation
and the security models it is based upon.
Attacks can come in many shapes and sizes; this paper mentions
just some. A motivated, skilled attacker can pull off some pretty
creative and amazing things.
The core problem with most of this sample (and many apps found throughout
industry) is that it used an application-level security mechanism to control
the actions of the users. This means that code running on the client machine
is responsible for making the decisions to allow or deny an action.
Unless your computing environment is tightly controlled to not allow any
unauthorized programs, or you take specific anti-cracking measures in your
application, you could be quite susceptible to these types of attacks.
When in doubt, have your applications audited by skilled personnel.
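The core problem described above, shown as an added example that is not code from the original paper: one handler acts on an allow/deny decision made by the client, the other recomputes it from state the client cannot edit. A server tier is assumed, and every name and value here (roles, actions, handler functions) is hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data: roles and permissions live only on the server.
ROLES = {"alice": "manager", "bob": "clerk"}
PERMISSIONS = {
    "manager": {"view_invoice", "approve_payment"},
    "clerk": {"view_invoice"},
}
SESSIONS = {}  # opaque token -> user name


def login(user):
    """Issue an opaque session token; the role never leaves the server."""
    token = secrets.token_hex(16)
    SESSIONS[token] = user
    return token


def handle_trusting_client(request):
    """Weak pattern: the client already decided, the server just obeys."""
    # The stock client only sets this flag after its own role check.
    # A patched or replaced client can set it unconditionally.
    if request.get("client_says_allowed"):
        return "OK: " + request["action"]
    return "DENIED"


def handle_server_enforced(request):
    """Hardened pattern: every decision is rebuilt from server-held state."""
    user = SESSIONS.get(request.get("token"))
    if user is None:
        return "DENIED"  # unknown or missing session
    allowed = PERMISSIONS.get(ROLES.get(user), set())
    if request.get("action") not in allowed:
        return "DENIED"  # client-supplied flags are never consulted
    return "OK: " + request["action"]


if __name__ == "__main__":
    # Constructed request: a clerk's session with the client-side flag forced on.
    forged = {"token": login("bob"), "action": "approve_payment",
              "client_says_allowed": True}
    print("trusting client:", handle_trusting_client(forged))
    print("server enforced:", handle_server_enforced(forged))
```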
This paper is brought to you by Sleuth. Sleuth is a Web application auditing
toolbox that allows you to efficiently poke, prod, push, and wrench your way
into any corner of your web applications, using quick, efficient, visual tools.
Visit us on the web at http://sandsprite.com/Sleuth/
to learn more!