Web Security: Applications, and Tools - Essay Example

?Web Security: Applications, and Tools XXXXX XXXXX Wednesday June 12, English INTRODUCTION AND BACKGROUND Web security is a branch of Information Security that deals with the security of websites, web applications, and web services. At higher levels, web security operates on the ethics of application security and applies them to Internet and web systems.When web application security is mentioned, there is an inclination to at once think about hackers defacing web sites and bombarding web sites with rejection of service attacks. These types of problems represent some of the most important threats faced by today's web applications. The answer to web security is broader than just technology. It is an unending process involving the users and practices.Security is a path, not a target. As oneevaluatesthe infrastructure and applications, theydiscoverprospective threats and realize that each threat presents its own levels of risk.Hence, security is all about risk management and putting in placevaluable countermeasures. FACTORS THAT CONTRIBUTE TO WEB SECURITY The knowledge of the user A good user is more concerned with their security in the web and in most cases, do not put their data at risk. Users therefore should have the right knowledge to be able to securely use the web. The technology that is in use at that particular time Present technology provide applications and tools that enables the user to be protected at all times. Users are always reminded to update their technology each and everytime to ensure that they are always secure. The necessary tools available for security Just like technology, various tools used by the user is also crucial to their security. Users should ensure that they have the right tools and should always update both their hardware and software. SECURITY CAN BE ACHIEVED BY ADDRESSING Responsibility of the user Many users are now educated on various ways to ensure that they are secure within the network There are different web applications that are created by JavaScript to ensure security of the users. Many tools have been created to ensure that third parties are completely denied access to information. Governments and other organizations are spending lot to ensure that their data is protected they do this by using the latest technology and tools available in the market. SWEET relevance to security SWEET is a tool that ensures that users are taught to learn to operate in a secure manner (Li-Chiou and Lixin 2012). Trying to make web application to match those of desktop applications. This will reduce the amount of attacks on web applications. Even though many authors have similar views on how to ensure that the user is protected from unknowingly sharing their information to third parties, there are a lot of controversial ideas that different authors hold on ensuring that the user is well protected Li-Chiou, Chen, and Lixin Tao mainly focus in the use of SWEET to ensure that the user is protected. Kapodistria, Helen, Sarandis Mitropoulos, and Christos Douligeris insists that the user should be educated on how to protect themselves from attacks. Torchiano, Marco, FilippoRicca, and Alessandro Marchetto mainly focus on the building od secure web applications such as those in desktop applications Table.1 A study in Netherlands. Compares the defects of both web and desktop applications. The two-way ANOVA figure is an analysis to see if indeed there is a significant notable difference in the two defects of applications. (Taken from Torchiano, et al. 2011, 159) SWEET DEVELOPMENT Design Sweet configures a computing environment using virtualization technology which simply means running emulator software on a computer so as to emulate another desired computer. The computer being used and the virtual computer run different or same systems. Virtualization has been used worldwide in both educational demonstrations and commercial systems. Developments such as Microsoft Virtual PC, VMware are results of virtualization. In our development, user computers were locally run on by SWEET computers (Li-Chiou and Lixin 2012). Visualization Firstly Client-side virtualization do not need internet connections thus isolates web security exercises to the network preventing spilling effect on the internet which is an advantage over server-side virtualization. Secondly virtual computers are portable, reduce pressure on the servers, can be distributed by web downloading flexible, easy to maintain and easily modified. HISTORY OF WEB SECURITY The internet though a fascinating technology lacks geographical borders thus raising concerns about conducting business online because there are those who focus on penetrating to steal important info. Of late hackers have focused on web applications that allow shopping and communication with countries companies mainly because these have increased users who use databases for exchange of info (Alanazi & Mohamed, 2011). SQL is a method used by hackers it’s dangerous because it can damage a whole system but also very easy. It’s an attack whereby SQL code is appended into the application user input parameters then passed to another SQL server knows as the back-end SQL for execution. This is very dangerous it allows hackers to hack without using a password thus compromising privacy and integrity of data especially if sensitive. Preventing SQL Injection Removing a single quotation mark because verification occurs from this. Replacing a single quotation mark with two single quotation marks in the string input Removing TSQL comments like /**/ and – to reduce chances of damaging data. Using policy systems that are secure by limiting options to maybe only writing and reading Creating awareness to web security Creating awareness to web users on web security is very important. As seen earlier, knowledgeable users are less prone to attacks than users who do not have the right knowledge needed for web security Due to this factor, many companies are creating awareness to users to always be on the look especially for fisher software that can be used to hack into their accounts. With the right knowledge, the user is able to (Wills, 2011). There are behaviors that users have to avoid whenever they are in the web to avoid sharing their information to third parties. First is that they should never give out their passwords to any stranger as this may pose a threat to their security in the web Users should be taught on the most secure web applications to use when on the net and they have to know that web applications are not that secure All web users should be educated on how to protect themselves by the use of a firewall. With this, they are able to ensure that they are always safe whenever they are on the web Tools To Detect Web Attacks DotDefender is a web application tool that was developed to help cub the increasing number of web attacks and it has been able to do wonders. It acts as a firewall to protect users from third party attacks. It identifies any threats and alerts the user. There are also malicious objects that are not allowed to pass through the firewall. The type of protocol in use is also a determining factor to security and hence it is the responsibility of every user to ensure that they use the right protocol (Kapodistria, 2011). There are many proposed tools that will be developed by different developers and each tool is designed to help solve a certain web problem this ensures that the user has a collection of tools to choose whenever faced with any security threat. There are various web tools that can detect record and or prevent any attack that comes from the net. The kind of OS that the user is using is very important for these tools to be functional. Web Versus Desktop Applications Web applications are known to be more prone to security threats as compared to desktop applications and it is because of this that many developers are coming up with ways to make web applications that have protocols similar to those of desktop applications (Torchiano, 2011). For web applications to be less prone to security issues, the developers need to focus on testing. Testing ensures that threats are removed and that web addresses are properly defined from destination and the origin. Web applications tend to have more security defects as compared to desktop applications. There are several loopholes that can provide access to third parties into the accounts of unsuspecting users. Web applications need to be designed with different protocols that will not only ensure security but will also build a well defined approach to securing the website. Fig. 2 Box plot of percentage of defects is presentation layer per type of application. Intelligent Information Systems To help web users have a secure web system, developers are using artificial intelligence to develop secure systems that can automatically detect threats and ensure that they are removed without the involvement of the user (Achkoski Dojchinovski, 2011). These systems ensure that they protect the user without their knowledge. Even though sometimes they might become a nuisance they are vital to the protection of the user data. CONCLUSION Web security is not an instant success story but, instead, requires ongoing implementation of counter measures that try to curb any malpractices that may pose a threat to secure information transfer. With the right technology and tools, the user is able to successfully transfer information and receive it without any leakage. Several experts have come up with different tools such as SWEET that provides a better environment for the training and management of security operations in the web. There are also various web tools that can detect record and or prevent any attack that comes from the net. References 1. Li-Chiou, Chen, and Lixin Tao. “Teaching Web Security using Portable Virtual Labs.” Educational Technology & Society,15.4 (2012): 39 –46. ProQuest 2. Alanazi, Fahad, and Mohamed Sarrab. "The History of Web Application Security Risks." International Journal of Computer Science and Information Security 9.6 (2011): 40-47.ProQuest 3. Torchiano, Marco, FilippoRicca, and Alessandro Marchetto. "Are Web Applications More Defect-Prone than Desktop Applications?" International Journal on Software Tools for Technology Transfer 13.2 (2011): 151-166.ProQuest 4. Wills, Craig E., and Zeljkovic, Mihajlo. "A Personalized Approach to Web Privacy: Awareness, Attitudes and Actions." Information Management & Computer Security 19.1 (2011): 53-73.ProQuest 5. Kapodistria, Helen, Sarandis Mitropoulos, and Christos Douligeris. "An Advanced Web Attack Detection and Prevention Tool." Information Management & Computer Security 19.5 (2011): 280-299. ProQuest 6. Achkoski, Jugoslav.,Trajkovik, Vladimir., and Dojchinovski,Metodija. "An Intelligence Information System Based on Service-Oriented Architecture: A Survey of Security Issues." Information & Security 27.1 (2011): 91-110.ProQuest Read More