Presentation is loading. Please wait.

Presentation is loading. Please wait.

Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa.

Published byJanice Patterson Modified over 8 years ago

Similar presentations

Presentation on theme: "Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa."— Presentation transcript:

1 Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa

2 Structure What’s the problem? Security on the Web Custom implementations Disadvantages Advantages Applicability

3 What’s the problem? Too many web applications reinvent the wheel Limit applicability to a particular business / application / domain Ignores benefits of standard(ised) solutions Short-sighted development Little thought of integration No planning for extendibility

4 Security on the Web Two ways of implementing security: Framework / middleware based “Custom” Framework “Building Secure ASP.NET Web Applications”.NET Roles Principal Permission Demands Declarative Checks

5 What is a “custom” setup? Independent of application framework Eg: Written in C#, runs on Windows, *nix (Mono) Standard model Proven approaches to common issues Tested for correctness Optimised for performance A Pattern… Not? A random piece of downloaded code

6 Popular Disadvantages Can the pattern be trusted? That’s why it needs to be a pattern TIME and effort taken to set up Specialist knowledge / training Degree of expertise required But, cf. 600 pages of framework guidelines COST of development Support? Bug fixes? Patches? Have to maintain it ourselves

7 Advantages Fine-grain control Impossible to implement per-entity control in any existing framework Choice of implementation – ACLs, capabilities Independence Less reliance on external vendor’s interfaces Less maintenance Flexible Adapt to specific needs Faster, easier to maintain, cheaper

8 Does everyone need it? There are always trade-offs in software engineering A custom implementation will take more development time (though not as much as you might think) The higher degree of control may not even be required In which case: frameworks are the way

9 Does anyone need it? Implementing fine-grain security control in current frameworks is messy Specific to particular applications, thus hard to generalise an implementation But, the pattern can be applied across many domains More comprehensive security = less headaches, less expenditure, less chaos

10 In conclusion… Software engineers like patterns… Web application designers like security… Managers want everything to be cheaper and faster… Sound familiar? A standardised, customised security model is an intersection of these three http://www.sagamedev.co.za http://sourceforge.net/projects/silvernode

Download ppt "Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa."

Similar presentations

This Area Will Not Be Seen Alliance Access Alliance Access.

This Area Will Not Be Seen Alliance Access Alliance Access.
Lecture plan Information retrieval (from week 11)

Lecture plan Information retrieval (from week 11)
Software Engineering 1. Software development – the grand view 2. Requirements engineering.

Software Engineering 1. Software development – the grand view 2. Requirements engineering.
Alternative Software Life Cycle Models By Edward R. Corner vol. 2, chapter 8, pp. 289-299 Presented by: Gleyner Garden EEL6883 Software Engineering II.

Alternative Software Life Cycle Models By Edward R. Corner vol. 2, chapter 8, pp Presented by: Gleyner Garden EEL6883 Software Engineering II.
Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.

Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.
Portal-Oriented B2B Application Integration Chapter 5 Sungchul Hong.

Portal-Oriented B2B Application Integration Chapter 5 Sungchul Hong.
CS350/550 Software Engineering Lecture 1. Class Work The main part of the class is a practical software engineering project, in teams of 3-5 people There.

CS350/550 Software Engineering Lecture 1. Class Work The main part of the class is a practical software engineering project, in teams of 3-5 people There.
Approaches to ---Testing Software Some of us “hope” that our software works as opposed to “ensuring” that our software works? Why? Just foolish Lazy Believe.

Approaches to ---Testing Software Some of us “hope” that our software works as opposed to “ensuring” that our software works? Why? Just foolish Lazy Believe.
Static VS Dynamic websites. 1-What are the advantages and disadvantages? 2- Which one should you choose and why?

Static VS Dynamic websites. 1-What are the advantages and disadvantages? 2- Which one should you choose and why?
 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 

 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 
Build a CMS Website. The topics this chapter covers are: What is CMS ? What you can do with CMS The benefits and disadvantages of using a content management.

Build a CMS Website. The topics this chapter covers are: What is CMS ? What you can do with CMS The benefits and disadvantages of using a content management.
Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc

Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc
SEG4210 - Software Maintenance1 Software Maintenance “The modification of a software product after delivery to correct faults, to improve performance or.

SEG Software Maintenance1 Software Maintenance “The modification of a software product after delivery to correct faults, to improve performance or.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.
Software Engineering Muhammad Fahad Khan

Software Engineering Muhammad Fahad Khan
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 14Slide 1 Design with Reuse l Building software from reusable components.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 14Slide 1 Design with Reuse l Building software from reusable components.
Organizing Information Technology Resources

Organizing Information Technology Resources
Software Engineering Reuse.

Software Engineering Reuse.
Reuse Standards Dr. Carma McClure Extended Intelligence, Inc. www.reusability.com Copyright (c) 1998 by Extended Intelligence, Inc.

Reuse Standards Dr. Carma McClure Extended Intelligence, Inc. Copyright (c) 1998 by Extended Intelligence, Inc.

Similar presentations

Ads by Google