
RE: [WEB SECURITY] Web Applications on Line



George,

I am not necessarily in favor of placing all applications on the web.  I
do believe that if the application needs to be made publicly available
then the application can have a web server interface.  That is where a
web server sitting in a DMZ interfaces with a back end application
server.  Please note you will have to do everything possible to protect
the web application server (harden firewalls, application firewall,
harden servers, IPS, etc.).  You must decide if the returns from placing
the application on line are worth the investment.  

Albert Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

-----Original Message-----
From: Greenarrow 1 [mailto:Greenarrow1@xxxxxxx]
Sent: Wednesday, December 21, 2005 3:33 AM
To: websecurity
Subject: [WEB SECURITY] Web Applications on Line


I find it interesting the push to take applications off the hard drive
and place them on the web.  With the security problems that are
occurring daily one must really take a Risk Assessment before even
attempting this sort of movement, i.e., one still has to back up as
would you depend on the vendor to secure your backups, what about
break-ins at the vendor and insecure applications?  While they can scan
for viruses and malicious programs can they also monitor your private
email accounts?  What about your Privacy or Corporation matters that
are handled over the internet?  I do not feel applications are yet
written securely enough for a Web Application to protect a user's
computer.  Who is responsible if a hacker or a malicious program does
get to your computer and either corrupts or deletes your data if the
Web Application is a Firewall or Anti-Virus Program?  There are just
too many ifs and buts on securing applications at present for this type
of function to go mainstream.

I am interested to see what your responses towards this are.  Would you 
trust Web Applications to secure your computers or company data?


Regards,
George
Greenarrow1
InNetInvestigations-Forensics 

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

