Common Web Application Problems

Web applications do not necessarily have their own special types of problems, but they do have their own terms for problems as they appear on the web. As web application testing has grown, a specific security following has grown with it and, with that, a specific classification of web vulnerabilities.

Each term below is given with what it means and with web examples.

Authentication
What it means: These are the identification and authorization mechanisms used to be certain that the person or computer using the web application is the correct person to be using it.
Web examples: Every time you log in to a web page that holds your personal data, you are authenticating. Authentication often means just giving a login and password. Sometimes it means giving an identification number, or even just coming from an acceptable IP address (white-listing).

Non-Repudiation
What it means: A record that proves that the data sent to or from the web application was really sent, and from where.
Web examples: Although you may not see it, most web applications keep track of purchases you make from a particular IP address using a particular browser on a particular operating system, as a record that it was most likely someone on your computer who made that purchase. Without specific “authentication”, though, they can't guarantee 100% that it was you.

Confidentiality
What it means: A way to assure that communication with the web application cannot be listened in on by another person.
Web examples: The HTTPS part of interaction with a web application provides pretty good confidentiality. It does a decent job of keeping your web traffic with the web app from being publicly readable.

Privacy
What it means: A way to assure that the way you contact and communicate with the web application cannot be pre-determined by another person.
Web examples: While it is very rare, it is not unimaginable that a web application containing very private information would not even show you it is there unless you come from the right place and know the right secret combination to make the web app accessible. One way is to have to click a picture in 5 different places in a specific order to get to the login screen. Another manner is called port-knocking: the server requires a specific sequence of interactions before it opens a port, such as the HTTP port, to the user.

Safety
What it means: This is how we protect the web application from its own security devices. If security fails, we need to make sure that it does not affect the operation of the web application as a whole.
Web examples: It is very possible to have an application use a daemon that can re-initialize itself, or even prevent an attack from crashing any part of itself by presenting itself only virtually. You can also find scenarios where a web app uses an intrusion detection mechanism that “stops” attacks by blocking the attacker by IP address. In this case, we can't say Safety exists just because the security device is configured to prevent an attacker from spoofing the web app's own resources and causing this defense to block important traffic. Instead, it is considered either a misconfiguration of the defense or, in some cases, a weakness of design. Don't confuse a poorly made or “accidental” defense with a designed loss control.
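The Non-Repudiation entry describes a purchase record that stores the client's IP address, browser and operating system as evidence. The following is an added example, not code from the original post: it keeps such records and, as an addition beyond what the post describes, chains them with SHA-256 so that a later edit to any record is detectable. The field names, the starting hash and the sample purchases are constructed for the example.

```python
"""Tamper-evident purchase records (added example for the Non-Repudiation entry).

Each record stores the evidence the web application observed for a purchase
(client IP, browser, operating system) and is linked to the previous record
by a SHA-256 digest, so altering or removing an old record breaks the chain.
"""
import hashlib
import json
from typing import Dict, List

GENESIS = "0" * 64  # constructed starting hash for an empty chain


def _digest(previous_hash: str, record: Dict) -> str:
    # Canonical serialisation (sorted keys, no whitespace) so that two
    # records with the same content always hash the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((previous_hash + payload).encode("utf-8")).hexdigest()


def append_purchase(chain: List[Dict], order_id: str, amount: float,
                    client_ip: str, user_agent: str, os_name: str) -> Dict:
    """Append a purchase record, linking it to the hash of the previous entry."""
    previous_hash = chain[-1]["hash"] if chain else GENESIS
    record = {
        "order_id": order_id,
        "amount": amount,
        "client_ip": client_ip,      # evidence, as in the original post
        "user_agent": user_agent,    # evidence, as in the original post
        "os": os_name,               # evidence, as in the original post
    }
    entry = {
        "record": record,
        "prev": previous_hash,
        "hash": _digest(previous_hash, record),
    }
    chain.append(entry)
    return entry


def verify_chain(chain: List[Dict]) -> bool:
    """Recompute every link; returns False if any record or link was altered."""
    expected_prev = GENESIS
    for entry in chain:
        if entry["prev"] != expected_prev:
            return False
        if _digest(entry["prev"], entry["record"]) != entry["hash"]:
            return False
        expected_prev = entry["hash"]
    return True


if __name__ == "__main__":
    # Constructed sample purchases from one client.
    purchases: List[Dict] = []
    append_purchase(purchases, "ORD-1", 19.99, "203.0.113.7", "Mozilla/5.0", "Windows")
    append_purchase(purchases, "ORD-2", 5.00, "203.0.113.7", "Mozilla/5.0", "Windows")
    print("chain intact:", verify_chain(purchases))
    purchases[0]["record"]["amount"] = 0.01   # simulate a quiet edit
    print("chain intact after edit:", verify_chain(purchases))
```

The chain shows that the record was not changed after it was written; as the post notes, the IP, browser and operating system it contains are still only circumstantial evidence of who made the purchase unless the user also authenticated.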
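The Safety entry warns about an intrusion detection mechanism that blocks attackers by IP address and can be made to block the web app's own resources. The following is an added example, not code from the original post: a blocker that counts suspicious requests per source address but refuses to block addresses on a list of the application's own dependencies, alongside the weak configuration with an empty list. The threshold, the protected address ranges and the sample addresses are constructed for the example.

```python
"""Source-address blocker that cannot be turned against the application itself
(added example for the Safety entry).

A blocker that bans any source address after enough suspicious requests becomes
a liability if an attacker can present the address of a resource the web app
depends on (database, payment gateway, monitoring) and get it banned. This
blocker records such attempts for review but never blocks a protected address.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Set

# Constructed: addresses the web application relies on and must never block.
PROTECTED_RESOURCES: List = [
    ip_network("10.0.5.10/32"),   # database server
    ip_network("10.0.5.20/32"),   # payment gateway proxy
    ip_network("10.0.9.0/24"),    # monitoring and health checks
]

SUSPICIOUS_THRESHOLD = 5  # constructed: suspicious requests before a block


class SourceBlocker:
    def __init__(self, protected: Iterable = PROTECTED_RESOURCES,
                 threshold: int = SUSPICIOUS_THRESHOLD) -> None:
        self.protected = list(protected)
        self.threshold = threshold
        self.counts: Dict[str, int] = defaultdict(int)
        self.blocked: Set[str] = set()
        self.refused_blocks: Set[str] = set()  # audit trail of blocks we declined

    def is_protected(self, addr: str) -> bool:
        """True if addr belongs to one of the application's own resources."""
        ip = ip_address(addr)
        return any(ip in net for net in self.protected)

    def record_suspicious(self, addr: str) -> bool:
        """Count one suspicious request from addr; return True if addr is now blocked."""
        self.counts[addr] += 1
        if self.counts[addr] < self.threshold:
            return False
        if self.is_protected(addr):
            # Spoofed or abused infrastructure address: alert and record, but
            # never let the defense cut the application off from its own resources.
            self.refused_blocks.add(addr)
            return False
        self.blocked.add(addr)
        return True

    def allows(self, addr: str) -> bool:
        """Whether traffic from addr is currently permitted."""
        return addr not in self.blocked


if __name__ == "__main__":
    safe = SourceBlocker()
    weak = SourceBlocker(protected=[])  # the misconfiguration: nothing is exempt
    for _ in range(SUSPICIOUS_THRESHOLD):
        safe.record_suspicious("10.0.5.10")   # suspicious traffic claiming to be the database
        weak.record_suspicious("10.0.5.10")
    print("safe blocker still allows database:", safe.allows("10.0.5.10"))
    print("weak blocker still allows database:", weak.allows("10.0.5.10"))
```

The refused-block set is the important output for operations: it tells a defender that something is presenting an infrastructure address in a suspicious way, which is worth investigating, without letting the defense itself become the outage.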
