How do you develop secure composite applications without weaknesses?






How do you develop secure composite applications without weaknesses?

The first step will be to develop security-friendly patterns of development, a set of frameworks for creating composite applications with inherently secure components. SAP will do its part by linking future versions of modeling tools such as SAP NetWeaver Visual Composer to the security operations layer of enterprise services, enabling enterprise architects to combine services in various combinations without explicitly focusing on security issues.

But developers will need additional frameworks and special security training to guide them in designing applications which will deflect common attacks such as cross-site scripting, in which malicious JavaScript code is entered into a web form, and while the code won't harm the host machine, it will load and infect the next unwitting customer who attempts to access your form. Learning to thwart these attacks isn't so much of an ESA issue as it is a development-of-best-practices issue, but these issues will become much more tangible when critical processes begin to poke their heads out beyond the corporate firewall.

SAP NetWeaver already includes frameworks to support secure programming. In addition, the SAP NetWeaver Developer's Guide includes a multiple-page security checklist for developers finishing their applications. The checklist leads off with questions such as:

  • Is no security-relevant data stored on the client?

  • Is the application free of back doors?

  • Do all security implementations consist of a consistent and documented concept (and not "security by obscurity")?

  • Does the system pass into a safe state in case of errors?

  • Is the data stored in a secure way beyond the application session?

  • Are no static keys used when encrypting data?

  • Are encrypted data and keys always stored separately from each other, and can an attacker not implicate them?

Additional resources include the Secure Programming section on the SAP Developer Network (SDN; http://sdn.sap.com).



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows