WebApp Sec mailing list archives
RE: [WEB SECURITY] How to Create Secure Web Applications withStruts
From: "Andre Maisonneuve" <Andre.Maisonneuve () validian com>
Date: Wed, 22 Mar 2006 10:30:40 -0500
Thanks for your comments... just a reminder that "application-layer security" products can be considered "out-of-the-box" also. Just embed into your protected applications and run! -----Original Message----- From: JAMES N. BARBIERI [mailto:JBARBIERI () HANOVER COM] Sent: 21 mars 2006 16:27 To: George Capehart; Stephen de Vries; Andre Maisonneuve Cc: bugtraq () cgisecurity net; webappsec () securityfocus com; websecurity () webappsec org Subject: RE: [WEB SECURITY] How to Create Secure Web Applications withStruts Also worth noting...adding additional application-layer security, on top of the "out-of-the-box" security adds additional protection against "bad guys" who can & will focus on ways to circumvent the Struts-based-only mechanisms...
"Andre Maisonneuve" <Andre.Maisonneuve () validian com> 03/21/06 9:24
AM >>> A very interesting topic indeed! An alternative to installing security in the web tier is to install security directly into the applications, so the security is controlled by the application itself, so it simplifies the implementation of the transport of data through any mechanism that you want to be installed, without having to worry about security. All data going through the intermediate layers will already be encrypted and will only be decrypted at the receiving application. Regards to all! -----Original Message----- From: George Capehart [mailto:gwc () acm org] Sent: 20 mars 2006 22:00 To: Stephen de Vries Cc: bugtraq () cgisecurity net; websecurity () webappsec org; webappsec () securityfocus com Subject: Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries wrote:
Great article!
<snip>
It may not be a big issue, but I think it's important to understand
how
choosing the web tier as a security provider could impact the extensibility of the app down the line.
Hola All, There was an interesting thread about a very similar issue (Is there any Security problem in Ajax technology?) not too long ago on sc-l . . . Thought the comment made by Yvan Boily was particularly insightful. FWIW, /g --------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/ ------------------------------------------------------------------------ - This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR l ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- RE: [WEB SECURITY] How to Create Secure Web Applications withStruts Andre Maisonneuve (Mar 22)