Most Web applications are designed in an ad-hoc manner. Despite the widespread use of firewalls and other security solutions, there are obvious holes in the overall security of many web sites. The application itself often provides a point of access for hackers to launch attacks and thus acts like a Trojan horse. A new generation of security solutions is now needed. CERT Coordination Centre suggests that in this era of open, highly distributed, complex systems and vulnerabilities abound and adequate security, using "Defensive Measures" alone, can never be guaranteed. As with all other aspects of crime and conflict, deterrence plays an essential role in protecting society. The ability to "Track and Trace Attackers" is crucial. Both of these approaches combat against insecurity on protocol and hardware level. We however propose a "Three Prong Defense" (a new terminology used by us). Our proposal is based on Software Engineering approach. We believe our research work will enhance awareness amongst the people both developers and acquirers to know how software engineering approach can contribute to the security. Our work will strengthen the willingness to say "no" to ad-hoc ism.
展开▼
