A VESARiA security consultant hangs up the phone. He had just reported the critical results of a preliminary test of the web application software used to power one of the leading e-commerce sites.
Looking carefully at the error messages, the analyst noticed certain directory and file names mentioned in them. Figuring he was on a roll, the analyst pieced them together to come up with a URL, and entered it into his browser. Boom! There were the contents of the file, revealing sensitive information. The file was never intended to be served over the web - it was intended to be used only by the server's software. But it was nonetheless located within the webroot, and was thus accessible to anyone who could determine its name and location. Within minutes, he had penetrated the system.
Wasting no time, the analyst immediately contacted the client. The client was, to say the least, flabbergasted by this news. In light of the gravity of the situation, VESARiA's analyst recommended a complete overhaul of the software, integrating security from the ground up.
VESARiA's Solution: Preventive Security and Education
Over the next few months, VESARiA led the company's IT staff through overhauling their server's software. First, VESARiA went over the source code (see Web Application Security Analysis), highlighting five major areas that needed change. Then, working in close contact with the company's programmers, VESARiA developed a security model for the web application. VESARiA educated the company's staff in the relevant aspects of security, enabling them to produce secure web applications from the start.
The Results: Secure Web Applications
Within months, the company was ready to redeploy their secured web application. It featured a proactive, redundant security model, and was more efficient and streamlined as well. Most importantly, the education the staff received ensured the future security of the company's web applications from the start.
© 2000 - 2017 Vesaria Network Security Specialists