[WEB SECURITY] Web Applications on Line

Schmidt, Albert E AES at ola.state.md.us
Thu Dec 22 10:14:38 EST 2005


I have nothing against web applications.  However, I feel that there has
to be a business need to move to a web based application.  Additionally,
I am skeptical when entities (business or government agencies) move
applications from one platform to another.  Much too often I find that
security is considered as an afterthought and that there is little or no
thought of applying security during the migration to the web
application.  Even if security is considered during the migration
process, it usually concerns issues that had been on the older system
and does not take into effect new security concerns that arise from
migrating to the web application.  

-----Original Message-----
From: Prasad [mailto:list.tomcat at gmail.com] 
Sent: Thursday, December 22, 2005 9:53 AM
To: Schmidt, Albert E
Cc: Greenarrow 1; websecurity
Subject: Re: [WEB SECURITY] Web Applications on Line

Albert,

Interesting thought but would it solve the problem at the roots? I have
come so far learning that web apps are a different species than compiled
(resident) apps and that firewall and other sorts of perimeter security
is something more of a surrogate protection mechanism as far as web app
security is concerned which no doubt is necessary in its own sense.

Well, I believe we all (the generation is) are moving more towards web
as a platform and sooner or later the concept of web as an operating
system would gel into our lives as smoothly as the concept of internet
did in the past. Won't it? Look at Google and Sun talking about the
future of Internet and a plethora of AJAX based applications already out
there vouching for this very idea.

OTOH I guess some of the concerns that George raised are still
applicable in today's desktop application environments.

-Prasad.

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


