Information Security Management

Modern web applications run large-scale software applications for e-commerce, information distribution, entertainment, collaborative research work, surveys, & numerous other activities. They run distributed hardware platforms & security system quotes. The software that powers web applications is distributed, is implemented in multiple languages & styles, incorporates much reuse & many third-party components, is built with cutting-edge technologies as stated (section above on component-based software), & must interface with users, other web sites & databases. Although the word “heterogeneous” is often used for web software, it applies in so many ways that the synonymous term “diverse” is more general & familiar, & probably more appropriate [7]. The software components are often distributed geographically during both development & deployment (diverse distribution), & communicate in numerous distinct & sometimes novel ways (diverse communication) [8].

Web-based software systems are created by combining a variety of components from various sources, such as custom-built special-purpose applications, customised commercial-off-the-shelf software components, and third-party software [7]. Much of the new complexity found in web-based applications also results from how the different software components are integrated. Not only is the source unavailable; the components might be hosted on computers at remote, even competing, organizations. Ensuring high quality for web systems composed of very loosely coupled components seriously requires evaluating these component connections [9].

Web software components are coupled more loosely than in any previous software application [7]. As stated above, e-commerce sites offer more than front-end servers; they usually run complex middleware programs such as CGI scripts, Java servlets, application servers & component-based software such as EJB Java beans, Java 2 Enterprise Edition (J2EE), CORBA, COM & DCOM component-based solutions. One reason for the emergence of this component-based software on e-commerce sites is the complexity of the software necessary to implement business application logic. This complexity, in turn, introduces more software flaws that can be exploited for malicious gain [3].

The web’s function & structure have changed drastically, particularly in the past couple of years, yet most software engineering researchers, educators, & practitioners have not yet grasped how fully this change affects engineering principles & processes [7]. An example of a change in the last couple of years is the use of the Web 2.0 feature Ajax. (The Ajax engine is the client-side code that handles calls between the client & server. Typically this would be a library of JavaScript functions included on the page [10].) Because of the complexities involved, it is more prone to flaws: any attacker with basic skills can use proxy software (or call script functions directly) to bypass the intended business logic. Since more application logic is being delegated to web browsers, Ajax opens a flaw that allows intruders to easily read the source code & look for weak areas in the system's middle-tier application logic. Sharing business logic client-side reveals source information about the complete system; it is too dangerous to combine representation logic, rendering logic & business logic & to have business logic reside on both the client & the application server side. For example, in one Ajax-enabled application with multiple levels of user account, it was found that the site employed one JavaScript include file for the entire client-side logic.

This meant that an anonymous user with a trial account could see the logic behind the administrator-level service calls. The locations of all administrator service scripts were disclosed, providing a potential attacker with a definitive map of the application for attacking business logic in the middle tier. Therefore, in this scenario the EASI framework also fails to protect the system's integrity & security. Another example is developing a simple script that allows one to use thousands of e-coupons, or using a similar script to open thousands of brokerage accounts that can each receive small deposits from a bank—usually around five cents—to verify transactions. In the end, one could end up making tens of thousands, as shown in Figure 2.
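The server-side enforcement that the Ajax and e-coupon cases above depend on, as an added example that is not part of the original article. The service names, session ids, accounts and coupon code are constructed for illustration; the sketch puts a dispatcher that relies on the client-side include file beside one that authorises every call from server-held state.

```javascript
// Added example. Service names, sessions and coupon data are constructed.
const RANK = { anonymous: 0, user: 1, admin: 2 };
const SERVICES = {
  getCatalog:   { minRole: "anonymous", run: () => ["book", "pen"] },
  redeemCoupon: { minRole: "user",  run: (s, a) => redeemCoupon(s.account, a.code) },
  deleteUser:   { minRole: "admin", run: (s, a) => `deleted ${a.target}` },
};
// Sessions live on the server; the role is never read from the request.
const SESSIONS = new Map([
  ["sess-trial", { account: "trial01", role: "user" }],
  ["sess-admin", { account: "root01", role: "admin" }],
]);
// Coupon state is server-side: one redemption per account per code.
const COUPONS = new Map([["SAVE5", { value: 5, usedBy: new Set() }]]);

function redeemCoupon(account, code) {
  const coupon = COUPONS.get(code);
  if (!coupon) throw new Error("unknown coupon");
  if (coupon.usedBy.has(account)) throw new Error("coupon already used");
  coupon.usedBy.add(account);
  return coupon.value;
}

// Weak form: access control exists only as hidden buttons in the shared
// JavaScript include file, so the server runs whatever service is named.
function dispatchWeak(req) {
  return SERVICES[req.service].run({ account: req.account }, req.args || {});
}

// Hardened form: deny by default, role taken from the server-side session.
function dispatch(req) {
  const session = SESSIONS.get(req.sessionId) || { account: null, role: "anonymous" };
  const known = Object.prototype.hasOwnProperty.call(SERVICES, req.service);
  if (!known) return { status: 404 };
  const svc = SERVICES[req.service];
  if (RANK[session.role] < RANK[svc.minRole]) return { status: 403 };
  try {
    return { status: 200, body: svc.run(session, req.args || {}) };
  } catch (err) {
    return { status: 409, error: err.message };
  }
}

// A trial account naming an administrator service is refused: { status: 403 }
console.log(dispatch({ sessionId: "sess-trial", service: "deleteUser", args: { target: "root01" } }));
```

With the hardened dispatcher, disclosing the administrator script locations in the include file no longer grants access to them, and a scripted replay of the same coupon is rejected on the second request.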

Web sites are now fully functional software systems that provide business-to-customer e-commerce, business-to-business e-commerce & many services to many users. The growing use of third-party software components & middleware represents one of the biggest changes in e-commerce web software application systems, & security & integrity are threatened because of flaws in the design: up to 50% of software defects leading to security problems are software architecture & design flaws [11]. In other words, the high-level design stage, comprising software architecture design & technology architecture design, decides the web software structure: how the various components will be integrated & interact, & which technologies will be required for the defined software functions. Failure at this stage causes 50% of the software defects that lead to security problems & compromises the internal integrity of the software application itself.
