
[WEB SECURITY] note regarding Cobr4 request




To your question about "How can we optimize security?"


One of the elements often mentioned is about "application security". I think this concept should be split into two components:

1 - building "secure" applications, meaning applications that cannot be easily penetrated and that cannot induce risks into other applications they interact with.

2 - making sure that the required "network security" with the firewalls, IDS, IPS and all the alphabet soup, be completed by a security network acting at the application layer, not at the transport layer. This way, no malware can penetrate or cause harm to the "application". One must remember that 75% of successful attacks aimed at the Application layer, not at the network layer (Gartner)


André Maisonneuve




Brought to you by http://www.webappsec.org