
Web Security: Battleships and Locusts

Posted March 05, 2013

Websites take inputs from a variety of sources and generate web pages, formatted data, transactions and errors.

Battleships

Threats always arrive in input.

Websites take streaming input from a variety of sources: web browsers, databases, services, processes, commands, etc. Threats occur when someone tries to hide a battleship in one of those streams.

A battleship is input designed to compromise web security. Often a single input can bring a website down, compromise data or deface the site.

The key to defending a site against battleships is detection — if the battleship can be detected the input can be thrown out.

Locusts

Sometimes threats contain no malicious data whatsoever. For example, consider a distributed denial of service attack (DDoS) — perfectly valid requests may be used.

A locust is input that on its own would be harmless — but arrives in such quantity that it compromises web security. Often locusts are designed to interfere with availability — crashing sites or making them too slow to use.

It is more difficult to defend a site against locusts — if they arrive in sufficient numbers even secure websites are vulnerable.
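An added example (not from the original article) that puts the two threat types side by side: a hypothetical `RequestGate` rejects a malformed input on sight, while individually valid requests are only caught by counting them per client. The username pattern, the limits, the client addresses and the sample traffic are all constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed allow-list for one hypothetical "username" field.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


class RequestGate:
    """Checks each request on its own (battleship), then against recent volume (locust)."""

    def __init__(self, max_requests=5, window_seconds=1.0):
        self.max_requests = max_requests
        self.window = window_seconds
        self.recent = defaultdict(deque)  # client id -> timestamps of accepted requests

    def check(self, client, username, now):
        # Battleship: the input itself is malformed, so one look is enough to throw it out.
        if not USERNAME_RE.fullmatch(username):
            return "rejected: invalid input"
        # Locust: the input is valid; only the arrival rate gives it away.
        stamps = self.recent[client]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget requests older than the window
        if len(stamps) >= self.max_requests:
            return "rejected: too many requests"
        stamps.append(now)
        return "accepted"


def run_demo():
    gate = RequestGate(max_requests=5, window_seconds=1.0)
    results = []
    # Constructed sample traffic: (client, username, arrival time in seconds).
    results.append(gate.check("10.0.0.1", "alice", 0.0))
    results.append(gate.check("10.0.0.2", "bob<script>", 0.1))
    # Eight identical, individually valid requests from one client within 0.4 s.
    for i in range(8):
        results.append(gate.check("10.0.0.3", "carol", 0.2 + i * 0.05))
    # Once the window has passed, the same client is served again.
    results.append(gate.check("10.0.0.3", "carol", 2.0))
    return results


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Per-client counting only catches a single noisy source; as the article notes, locusts arriving in sufficient numbers can still overwhelm a site.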

Secure Website Development

Secure website development is a cyclical process of security design, coding, code reviews and testing.
