We’ll start with a question: What are the security requirements of a Web application? The answer depends on your perspective. If you are a user, you will have one set of concerns. If you are running the site, you will need to consider those concerns, plus a number of other concerns of your own. This question, therefore, will be answered from two perspectives: first from the site user’s perspective, and second from the developer’s perspective.

Security—From a Site User Perspective

If you have been working through this book sequentially, you should be familiar by now with our shopping cart application. In this application, users are able to browse DVDs, books, and compact discs, and add them to their shopping cart. However, there is no purchase functionality in the Web site. If there were, this would have some security implications. Simply browsing the site and adding items to a cart is not a problem. The problems come when users want to purchase the products using their credit card, or pass other sensitive information over the Internet. From a user’s perspective, the concerns are

  • When my credit card number travels across the Internet, how can I be sure that no one will intercept it?
  • Is the Web site really the Web site it says it is?

There is another concern, although one that commerce site users tend not to think about:

  • How can I be sure that my data has not been tampered with?

These three issues, confidentiality of data in transit, authenticity of the site, and integrity of data, are the main concerns that need to be addressed when securing Web applications. Fortunately, technologies exist to address each of them.

Security—From the Site Perspective

As well as the requirements that are foremost in a user’s mind, there are other security requirements that matter from a developer’s or business analyst’s perspective:

  • Restricting user access to resources
  • Confirming that users are who they say they are (particularly for banking and financial services sites)
  • Passing security credentials through to the different parts of a disparate application

The table below summarizes the various security requirements.
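Three of these requirements, confirming who a user is, restricting which resources that user may reach, and passing the resulting credential between separate parts of an application, can be illustrated together, along with the user’s concern about tampering. The following example is added here for illustration and is not code from this book or from the shopping cart application. It assumes a hypothetical login component that issues an HMAC-signed credential, a hypothetical shared secret known to the components that verify it, and an invented table of which roles may reach which resources.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Assumption: the login component and every component that checks credentials
# share this secret. It is hard-coded only so the example runs stand-alone;
# a real deployment would load it from protected configuration.
SHARED_SECRET = b"example-shared-secret-not-for-production"

# Assumption: a constructed map of resource paths to the roles allowed to reach them.
RESOURCE_ROLES = {
    "/catalog": {"customer", "admin"},
    "/cart": {"customer", "admin"},
    "/admin/inventory": {"admin"},
}


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the credential survives in a cookie or query string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_credential(user: str, role: str, issued_at: int, secret: bytes = SHARED_SECRET) -> str:
    """Issued by the login component once the user has proven who they are.

    The payload is serialized deterministically and bound to the secret with an
    HMAC tag, so any other component holding the secret can confirm both that
    the credential came from the login component and that nobody altered it.
    """
    claims = {"user": user, "role": role, "iat": issued_at}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_credential(token: str, secret: bytes = SHARED_SECRET):
    """Return the claims if the tag is valid, or None if the credential is malformed or tampered."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    # Constant-time comparison so a forger cannot learn the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def authorize(token: str, resource: str):
    """Access check run by whichever component serves the resource.

    Returns (allowed, reason). The component never re-authenticates the user;
    it trusts the credential only because the tag verifies against the secret.
    """
    claims = verify_credential(token)
    if claims is None:
        return False, "deny: invalid or tampered credential"
    allowed_roles = RESOURCE_ROLES.get(resource)
    if allowed_roles is None:
        return False, "deny: unknown resource"
    if claims.get("role") not in allowed_roles:
        return False, "deny: role %r may not access %s" % (claims.get("role"), resource)
    return True, "allow"


def forge_role_change(token: str, new_role: str) -> str:
    """Simulate a user editing the role inside their own credential while keeping the old tag."""
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["role"] = new_role
    forged = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64(forged) + "." + tag_b64


if __name__ == "__main__":
    # Constructed scenario: a customer logs in, then presents the credential to other components.
    credential = issue_credential("alice", "customer", 1_700_000_000)
    print(authorize(credential, "/cart"))                                   # allowed
    print(authorize(credential, "/admin/inventory"))                        # denied: wrong role
    print(authorize(forge_role_change(credential, "admin"), "/admin/inventory"))  # denied: tag mismatch
    print(authorize("not.a.credential", "/catalog"))                        # denied: malformed
```

The tag answers the user’s tampering question for data that passes between the application’s own components, but not the interception question: an HMAC proves origin and integrity, not secrecy, so the credential and everything sent alongside it still need transport encryption between the browser and the site, which this example does not show.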

Security Requirements of Web Applications

