Web applications and security challenges

The pioneers in this rather new field are Microsoft, with its Microsoft Office Live application package, and Google, with its newly released office software suite. However, online applications are generally following the same trail as applications on the desktop: web applications are now beginning to face serious security issues.

Within a single week (August 28 - September 3), the SANS Institute discovered a total of more than 60 new security bugs in online applications. This number is 30 times the number of security flaws in the Windows operating system, Mac OS X and Internet Explorer, 20 times the number of bugs in Linux (3 errors), more than 6 times the number of errors in Windows applications (9 errors) and more than 3 times the number of errors in multi-OS compatible applications (16 errors) detected in the same time period.

New technology and new issues

Mr. Douglas Merrill - Vice President in charge of Google's technical issues - acknowledged that programming methods for web applications are not yet as complete as those for desktop applications. New technology often means new problems.

The Google vice president said that using the SANS Institute's counts of security flaws to compare the security of web applications with that of desktop applications is an inadequate comparison, because the SANS Institute did not consider how long these applications have existed. The number of security errors that exist in an application will decrease over time.

Merrill also affirmed that Google pays great attention to both security and user protection, and protects its own intellectual property and identity. Google has not only established a team dedicated to checking software source code for errors, but has also trained its engineers in programming methods for detecting security issues, in secure programming, and in how to use popular programming libraries to avoid repeated security issues. This means that Google's application source code is tested across multiple levels and stages. "Every Google employee has a responsibility to develop safe products with the goal of all for the user. Providing safe products is a show of respect for your customers."

Google is not alone: since 2002, Microsoft has devoted significant resources and effort to improving the security of web applications. Recently Microsoft has been constantly hiring or buying security resources. Earlier this August, Microsoft recruited virus researcher Vincent Gullotto from security firm McAfee. Gullotto now heads the team that responds to Microsoft's security issues.

Businesses are no less concerned about security issues than security firms are. The director of Google's enterprise products, Matt Glotzbach, affirmed that his employees also frequently discuss security issues with customers. Among Google's senior leadership there is a very clear message: "Desktop application and web application security must be treated equally."

Brad Friedman - Vice President for IT matters at retailer Burlington Coat Factory - also said that security issues in web applications and in desktop applications must be treated the same regardless of application type, even though different applications require different risk reduction methods. "For example, if I can't view the Google Writely web application more than Microsoft Word or vice versa, the key point is that both of these applications must apply security levels to protect it against public attacks," said Friedman.

Enterprise-class security is the next layer of security on desktop computers. The situation is quite similar for web applications; the only difference is the scale of deployment. Whereas a desktop application is deployed on the scale of individual computers and businesses, a web application is deployed on an Internet scale.

However, there is not yet any complete security solution. Enterprises must weigh for themselves the benefits and risks of deploying web applications.


"Easily fixing security errors is one of the advantages of web applications," Merrill said. "Trying to fix a security error when it is detected is never an easy task. But it is always easier to fix a server's security vulnerability than to fix a security error on a very large number of client systems."

Mr. Merrill said that many organizations will "bury" PCs and switch to using web applications, because the work of applying security patches to PC applications is too heavy.

However, experts also forecast a significant increase in the number of attacks on web applications through these security errors. Even so, from now on businesses will place more trust in web applications, because in some respects they now consider software for personal computers too poor.

Trang Dung