[WEB SECURITY] Web Applications on Line

Maxim Kostioukov maxim at francoudi.com
Fri Dec 23 05:49:58 EST 2005


From the article: "Businesses and their customers have fallen in love with the idea of gaining access to information
and services using merely a Web browser. And developers understandably have focused more on new features
they can offer users and less on ways to prevent applications from being misused."

That is the point. Security is a trade-off between profit and cost. Yet another terrible analogy  :) - that is why cars
won a victory (in general) over horses... Add here lack of awareness on security for management and
developers - you get the bad picture. Nothing special for web apps technology itself...

Merry Christmas to Everyone!

-----Original Message-----
From: Greenarrow 1 [mailto:Greenarrow1 at msn.com]
Sent: Friday, December 23, 2005 2:44 AM
To: Prasad; Schmidt, Albert E
Cc: websecurity
Subject: Re: [WEB SECURITY] Web Applications on Line


Though I find this article in Internet Week quite interesting about web 
applications and security:

http://internetweek.cmp.com/showArticle.jhtml?sssdmh=dm4.161613&articleID=175002823

Regards,
George
Greenarrow1
InNetInvestigations-Forensics


----- Original Message ----- 
From: "Schmidt, Albert E" <AES at ola.state.md.us>
To: "Prasad" <list.tomcat at gmail.com>
Cc: "Greenarrow 1" <Greenarrow1 at msn.com>; "websecurity" 
<websecurity at webappsec.org>
Sent: Thursday, December 22, 2005 7:14 AM
Subject: RE: [WEB SECURITY] Web Applications on Line


I have nothing against web applications.  However, I feel that there has
to be a business need to move to a web based application.  Additionally,
I am skeptical when entities (business or government agencies) move
applications from one platform to another.  Much too often I find that
security is considered as an afterthought and that there is little or no
thought of applying security during the migration to the web
application.  Even if security is considered during the migration
process, it usually concerns issues that had been on the older system
and does not take into effect new security concerns that arise from
migrating to the web application.

-----Original Message-----
From: Prasad [mailto:list.tomcat at gmail.com]
Sent: Thursday, December 22, 2005 9:53 AM
To: Schmidt, Albert E
Cc: Greenarrow 1; websecurity
Subject: Re: [WEB SECURITY] Web Applications on Line

Albert,

Interesting thought but would it solve the problem at the roots? I have
come so far learning that web apps are a different species than compiled
(resident) apps and that firewall and other sorts of perimeter security
is something more of a surrogate protection mechanism as far as web app
security is concerned which no doubt is necessary in its own sense.

Well, I believe we all (the generation is) are moving more towards web
as a platform and sooner or later the concept of web as an operating
system would gel into our lives as smoothly as the concept of internet
did in the past. Won't it? Look at Google and Sun talking about the
future of Internet and a plethora of AJAX based applications already out
there vouching for this very idea.

OTOH I guess some of the concerns that George raised are still
applicable in today's desktop application environments.

-Prasad.

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/ 
