Using Security Patterns in Web -Application
(Sprache: Englisch)
Web-Application have been widely accepted by the organization be it in private, public or government sector and form the main part of any e-commerce business on the internet.
However with the widespread of web-application, the threats related to the...
However with the widespread of web-application, the threats related to the...
Voraussichtlich lieferbar in 3 Tag(en)
versandkostenfrei
Buch (Kartoniert)
44.99 €
- Lastschrift, Kreditkarte, Paypal, Rechnung
- Kostenlose Rücksendung
Produktdetails
Produktinformationen zu „Using Security Patterns in Web -Application “
Klappentext zu „Using Security Patterns in Web -Application “
Web-Application have been widely accepted by the organization be it in private, public or government sector and form the main part of any e-commerce business on the internet.However with the widespread of web-application, the threats related to the web-application have also emerged. Web-application transmit substantial amount of critical data such as password or credit card information etc. and this data should be protected from an attacker.
There has been huge number of attacks on the web-application such as SQL Injection , Cross-Site Scripting , Http Response Splitting in recent years and it is one of the main concerns in both the software developer and security professional community.
This projects aims to explore how security can be incorporated by using security pattern in web-application and how effective it is in addressing the security problems of web-application.
Lese-Probe zu „Using Security Patterns in Web -Application “
Chapter 7, Analysis of Security Patterns:7.1 Analysis between main security pattern and related pattern:
In this section I will be explaining the benefits and liabilities of implementing the pattern between the main security pattern and related security pattern in detail along with my view and researcher view about the patterns. The style which I will use for addressing this section of my thesis will be summary based. However I will divide the sections into four major sections in discussing the patterns.
7.1.1 Secure Pipe Pattern versus Message Intercepting Gateway:
I have already explained on my earlier chapters about the working of this pattern in detail with the help of a diagram. However the after effect of the implementation is one the most vital part of any implementation.
There are several strategies which are followed by the industry expert to implement secure pipe pattern such web-based SSL/TLS, Hardware-based, where cryptographic card had been installed to enhance the processing time and lastly with the help of the network hardware which act as the dedicated endpoints for SSL/TLS where as the strategies followed for implementing message interceptor gateway is different. Message interceptor gateway can be applied with the help of network appliances such as firewall etc. However the other way of implementing the message interceptor gateway is through the pluggable agent module. These pluggable agent modules can be configured on the web-server or application server and serves as the infrastructure which manages the information and security policies of the application server.
Secure pipe pattern take cares of the confidentiality and integrity of data during communication by establishing secure channel for communication. Both these services are provided with the help of encryption and digital signature as its uses the SSL/TLS protocol. Message intercepting gateway also provides transport level security by intercepting the message and verifying the
... mehr
message for confidentiality, integrity and non-repudiation. However its gives some of the extra functionality which secure pipe pattern does not provide. Since it is implemented at gateway level it also safeguard the web-application from DOS attack, brute-force message replay attack, malicious payload attack and man-in-the middle attack. Moreover as it is controlled centrally it can provide management services such as authentication, authorization, audit trails, off-loading etc.
On the other hand secure pipe pattern provides great flexibility in interoperability with the help of the industry infrastructure product and standard protocol such as SSL/TLS, IPSec. Moreover by implementing hardware based cryptographic processing module gives a enhance performance in the overall application level processing. Lastly one of the most vital benefits of the secure pipe pattern is its reduced complexity. Secure pipe pattern basically does the separation of complex cryptographic algorithm from application logic. The procedures of providing secure communication are further pushed to the infrastructure level and the application will only take care of the business logic which makes the application lightweight and highly productive.
Secure pipe pattern is the internal part of web application architecture and to provide confidentiality and integrity its uses the industry standard known as SSL/TLS. It is totally dependent on this protocol because without this protocol secure pipe pattern implementation will become very complex and management will be bottle neck. Also there is involvement of trusted third party such as certificate authority to deal with public key management and trust model. The vital point out here is that this trusted third parties also come up with lots of issues in their operation and it won t be good idea for the developer to fully rely on the third party for certificate chain management. However it helps the developer to take the benefit of certificate chain to ensure
On the other hand secure pipe pattern provides great flexibility in interoperability with the help of the industry infrastructure product and standard protocol such as SSL/TLS, IPSec. Moreover by implementing hardware based cryptographic processing module gives a enhance performance in the overall application level processing. Lastly one of the most vital benefits of the secure pipe pattern is its reduced complexity. Secure pipe pattern basically does the separation of complex cryptographic algorithm from application logic. The procedures of providing secure communication are further pushed to the infrastructure level and the application will only take care of the business logic which makes the application lightweight and highly productive.
Secure pipe pattern is the internal part of web application architecture and to provide confidentiality and integrity its uses the industry standard known as SSL/TLS. It is totally dependent on this protocol because without this protocol secure pipe pattern implementation will become very complex and management will be bottle neck. Also there is involvement of trusted third party such as certificate authority to deal with public key management and trust model. The vital point out here is that this trusted third parties also come up with lots of issues in their operation and it won t be good idea for the developer to fully rely on the third party for certificate chain management. However it helps the developer to take the benefit of certificate chain to ensure
... weniger
Bibliographische Angaben
- Autor: Shahnawaz Alam
- 2014, Erstauflage, 72 Seiten, 10 Abbildungen, Maße: 15,5 x 22 cm, Kartoniert (TB), Englisch
- Verlag: Anchor Academic Publishing
- ISBN-10: 3954892669
- ISBN-13: 9783954892662
Sprache:
Englisch
Kommentar zu "Using Security Patterns in Web -Application"
0 Gebrauchte Artikel zu „Using Security Patterns in Web -Application“
Zustand | Preis | Porto | Zahlung | Verkäufer | Rating |
---|
Schreiben Sie einen Kommentar zu "Using Security Patterns in Web -Application".
Kommentar verfassen