Ensuring Web Security Within the Enterprise

    In the past year, information security has taken center stage. Some publications called 2014 “the year of the breach,” with many large companies coming forth to report large data breaches through a variety of vulnerabilities and attacks. This, of course, highlighted the need for enterprises to step up their security systems across all networks.

    One area where hacks, breaches, malware and vulnerabilities run rampant is the web. From online phishing scams to vulnerabilities like the Heartbleed bug, web security runs the gamut. Not one set of rules applies to this global network — many hundreds do. So when the enterprise wants to ensure that its web gateway is secure, there are many areas to check, but no simple checklist or guide to make sure everything is locked down.

    To help enterprise IT organizations better understand and design systems for web security, Hanqing Wu and Liz Zhao, both web security experts and authors, developed the book, “Web Security: A WhiteHat Perspective.” The book gives a look at how hackers think and work. The authors also provide reasons why it’s important to consider your company’s scale when you are considering security methodologies—one size does not fit all in web security.

    The book covers client-side script security, server-side application security, cross-site scripting attacks, clickjacking, HTML5/PHP security, authentication, session management, information leaks and the security development life cycle, among other areas.

    In our IT Downloads area, you can read an excerpt from Chapter 2: Security of Browser. Wu and Zhao discuss the same-origin policy, a common convention for browsers. They detail why the strategy is important and why browser security should be taken seriously.

    The chapter includes JavaScript examples that demonstrate possible issues and show how the document object model (DOM), cookies and XMLHttpRequest are all restricted by the same-origin policy. The excerpt also covers malicious URL interception and browser sandboxes before surveying how rapidly browser security is developing today.
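    As an added illustration of the rule the excerpt describes (this is not code from the book or the article), the following snippet models the check a browser performs before letting script in one document read another document's DOM or an XMLHttpRequest response: two URLs are same-origin only when scheme, host and port all match, with an omitted port normalised to the scheme's default. The page URL and target URLs are constructed sample values.

```javascript
// Added example, not taken from the book or the article.
// Models the same-origin comparison browsers apply to DOM access and
// XMLHttpRequest reads: scheme, host and port must all match; path,
// query string and fragment are ignored.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of a URL. The WHATWG URL parser drops a default
// port, so "https://a.example:443" parses with port "", and we fill the
// default back in so explicit and implicit default ports compare equal.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname, port };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Whether script running in pageUrl may read a response fetched from
// targetUrl under the same-origin policy alone (no CORS opt-in from the server).
function xhrReadAllowed(pageUrl, targetUrl) {
  return sameOrigin(pageUrl, targetUrl);
}

// Constructed sample inputs: one page and several fetch targets, with the
// expected verdict and the reason for it.
const PAGE = "https://app.example.com/account?id=7#top";
const CASES = [
  ["https://app.example.com/api/balance", true, "same scheme, host and port; only the path differs"],
  ["https://app.example.com:443/api/balance", true, "explicit default port equals implicit one"],
  ["http://app.example.com/api/balance", false, "scheme differs"],
  ["https://app.example.com:8443/api/balance", false, "port differs"],
  ["https://cdn.example.com/lib.js", false, "host differs (sibling subdomain)"],
  ["https://example.com/", false, "host differs (parent domain)"],
];

// Evaluate every case and return the verdicts alongside the expectations.
function runCases() {
  return CASES.map(([target, expected, why]) => ({
    target,
    expected,
    actual: xhrReadAllowed(PAGE, target),
    why,
  }));
}

for (const r of runCases()) {
  console.log(`${r.actual ? "allow" : "block"}  ${r.target}  (${r.why})`);
}
```

    The cases worth noticing are the two that differ only in port or scheme: both are blocked even though the host is identical, which is exactly the boundary the same-origin policy draws and the reason a cross-origin read requires the server to opt in explicitly.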

    In the chapter summary, the authors reiterate the topics discussed:

    The security of browsers is based on the same-origin policy, so understanding the same-origin policy will help grasp the essence of browser security. In the current, rapidly developing trend of browsers, malicious URL detection, plug-ins, and other security issues will become increasingly important. Keeping up with the pace of browser development to study the security of browsers is what researchers need to take seriously.

    This chapter excerpt and the book itself make good reading material for web security teams, web developers and IT managers tasked with ensuring web security for the enterprise.

    Kim Mays has been editing and writing about IT since 1999. She currently tackles the topics of small to midsize business technology and introducing new tools for IT. Follow Kim on Google+ or Twitter.
