Topic 3: Access Control demonstrated how critical it is to secure one's physical assets, and Topic 4: Cryptography showed that cryptographic methods ensure the confidentiality and/or authenticity of data.
However, these aren't the only realms of computing where security measures must be taken: the processing of data (i.e., by an application) and the transmission of data (via a network) must be secured as well.
Moreover, making sure that an application is secure (that is, that it handles data securely) is far more difficult than, for example, physical/hardware security, because of the enormous number of ways in which 'things can go wrong': app misconfiguration, unvalidated inputs, coding errors, man-in-the-middle attacks, man-in-the-browser attacks, session hijacking, weak encryption keys, weak passwords, weak authentication mechanisms, SQL injection, and buffer overflows.
In this chapter, we will review the various sorts of issues that can arise in the functionality of an application, along with how to remedy or prevent them. Later, Topic 8 will touch on network security.