
260    Chapter 5 • Communication Security: Web Based Services

             Eliminating Scripting Vulnerabilities

Maintaining a secure Web server means ensuring that all scripts and Web applications deployed on the Web server are free from Trojans, backdoors, or other malicious code. Many scripts are available on the Internet for the use of Web developers. However, scripts downloaded from external sources are more susceptible to coding problems (both intentional and unintentional) than those developed in-house. If it is necessary to use external programming code sources, developers and administrators should employ quality assurance tests to search for out-of-place system calls, extra code, and unnecessary functions. These hidden segments of malevolent code are called logic bombs when they are written to execute in response to a specified trigger or variable (such as a particular date, lapse of time, or something that the user does or does not do).
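As an added example (not from the book), the following Python script performs the kind of quality assurance check the paragraph describes: it parses a downloaded script and flags out-of-place system calls and branches whose condition depends on the date or time, the classic shape of a logic bomb. The list of suspicious calls, the trigger names and the sample script are constructed for illustration and would be tuned to the application being reviewed.

```python
import ast

# Calls that have no business in a typical page-rendering script (constructed list).
SUSPICIOUS_CALLS = {
    "os.system", "os.popen", "subprocess.call", "subprocess.run",
    "subprocess.Popen", "eval", "exec", "socket.socket",
}
# Names that, when used inside an `if` test, suggest a date- or time-based trigger.
TRIGGER_NAMES = {"datetime", "date", "time", "localtime", "now", "today"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for other nodes."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return None


class LogicBombScanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (line number, kind, name)

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in SUSPICIOUS_CALLS:
            self.findings.append((node.lineno, "system-call", name))
        self.generic_visit(node)

    def visit_If(self, node):
        # Walk the condition; any reference to a date/time value is a trigger candidate.
        for sub in ast.walk(node.test):
            name = _dotted_name(sub)
            if name and name.split(".")[-1] in TRIGGER_NAMES:
                self.findings.append((node.lineno, "time-trigger", name))
                break
        self.generic_visit(node)


def scan_source(source):
    """Return sorted findings for one script's source text."""
    scanner = LogicBombScanner()
    scanner.visit(ast.parse(source))
    return sorted(set(scanner.findings))


# Constructed sample: a harmless-looking page renderer with a date-triggered payload.
SAMPLE = (
    "import os, datetime\n"
    "def render(page):\n"
    "    html = '<h1>' + page + '</h1>'\n"
    "    return html\n"
    "if datetime.date.today() > datetime.date(2009, 1, 1):\n"
    "    os.system('rm -rf /var/www')\n"
)

if __name__ == "__main__":
    for lineno, kind, name in scan_source(SAMPLE):
        print(f"line {lineno}: {kind} -> {name}")
```

The check is deliberately noisy: a hit only marks a line for human review, which is the point of the QA step the text recommends.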



NOTE

To learn more about secure programming of Web applications, there are numerous resources in print and on the Internet that you can refer to. A comprehensive resource is the Syngress publication, “Hack Proofing Your Web Applications,” which provides detailed information on how to develop secure applications for intranets and the Internet.

Often, it is useful to use sources that focus on the language the application is programmed in, as they will also provide examples and source code that will suit your needs. For example, if you are programming applications in Visual Basic, C#, C++, ASP, ASP.NET, or other languages developed and supported by Microsoft, the Microsoft Developer Network (http://msdn.microsoft.com) is a valuable site with significant information. Similarly, information on Java programming can be found at Sun’s Web site (http://java.sun.com), or IBM Developerworks site (www.ibm.com/developerworks), which also provides information on XML.

Using these sites, you can obtain an overview and detailed information on many aspects of secure programming. Some of the sites with articles and items dealing with specific topics that are worth investigating include:

■ Understanding Security, http://msdn2.microsoft.com/en-us/security/aa570420.aspx
■ Writing Secure Code, http://msdn2.microsoft.com/en-us/security/aa570401.aspx




