As we know, the internet has grown at a rapid pace; many high-bandwidth internet services have been introduced to the world market. The web is changing fast from a one-way medium for ‘brochure-ware’ to a highly interactive and increasingly mission-critical platform. With this rapid evolution in web technology, web-based applications are now considered part of the e-business world and have been widely implemented.
Meanwhile, these developments in web technology have also brought new species of parasite, such as spyware, adware, key-loggers, blog spam, and IM viruses. In other words, the possibility of a web-based system being hacked has increased. Security is a critical issue that must be addressed in order to protect the web from the hazards of uninhibited browsing, and to protect private and confidential information from unauthenticated persons.
What does “security” mean within an application? Security means protecting something from being attacked by outside factors. When we come to the term “security”, most of us think about hacking, viruses, worms, backdoor Trojan horses and bombarding web sites with denial-of-service attacks. This is because they have existed in the market for quite a period of time and act as a, but actually they are just part of the security problems. To give a few examples, there are internal threats made by rogue employees in the company or by casual users who accidentally access sensitive data. These problems have been ignored by many people. They are also a serious issue that may put the business environment of a company or organization into a red condition.
Because of this, a company or organization should ensure that secure procedures are implemented within its own applications, especially the authentication process and the session state management of each user. In this century, several authentication patterns have been introduced to the market; a developer has to choose among these patterns to suit the company’s environment and its needs or requirements.
In this seminar, I am going to discuss mainly these web-application security issues and the effective ways to implement a secure web application. Meanwhile, I will briefly discuss and compare the available authentication patterns.
1. What does “Security” mean?
As I mentioned before, security means protecting something or one’s own assets from being harmed or attacked by other factors, such as hacking or unethical use of system information.
A good system should not only offer good functionality; it must also have good security applied within it, and only then can it be considered a good system. In other words, security plays a very important role in developing a good and secure system. For example, suppose application system A has very good functionality but few security patterns implemented. Even though the system is able to help users solve many difficult tasks, it is unable to protect all the private and confidential information.
This information may include the company’s customer list, personal information of employees or customers (such as home address, email address, salary information), company workflows, and the pricing system between the company and its customers or between the company and its vendors or suppliers (that is, the price that the company offers its customers, or the price of products that the company gets from vendors or suppliers). The spread of this information may put the company’s business in danger; the worst case is the termination of the company’s business.
3.2 Six important elements in Security
There are six important elements in security that need to be considered while developing a good and secure web-based application system....