At Last, My Web Applications Will Be Totally Secure!?
Saturday, February 27th, 2010

Yet another vendor attempts to reduce application security to something that can be purchased.
“How to Hacker-Proof Your Web Applications,” was the amusing subject of an email I received recently. I’m sure that it wasn’t meant to be amusing. I suppose I just have a strange sense of humor.
The source of the email was a company that I consider to be reputable, though this could lead me to reconsider that opinion. I won’t single out the organization since hyperbole apparently continues to be a requirement to sell most anything.
I have to wonder though, does anyone actually read a subject line like that and then open the email fully expecting to be presented with a product or service that does what the subject states? I certainly hope not. Let’s explore the meaning of the message and then we’ll see if the email content led me to such a nirvana.
“Your Web Applications” covers every piece of software I have that presents a web interface. This includes my traditional HTTP/HTML-based applications as well as web services. These applications may be based on a variety of technologies such as .NET, Java, Perl and Ruby. They include third-party libraries and frameworks. Further, they are hosted on some form of hardware running some operating system. Clearly this claim applies to a wide and deep world of application infrastructures and architectures.
“Hacker-Proof” means that no attacker will be able to successfully exploit the applications. That is quite a promise. By opening this email I’m going to find out what is necessary to prevent all successful exploits for my entire set of web facing applications? This is great news!