SECURING WEBSITES: A SOFTWARE ENGINEERING APPROACH

Abstract

Most Web applications are designed in an ad-hoc manner. Despite the widespread use of firewalls and other security solutions, there are obvious holes in the overall security of many web sites. The application itself often provides a point of access for hackers to launch attacks and thus acts like a Trojan horse. A new generation of security solutions is now needed. CERT Coordination Centre suggests that in this era of open, highly distributed, complex systems and vulnerabilities abound and adequate security, using “Defensive Measures” alone, can never be guaranteed. As with all other aspects of crime and conflict, deterrence plays an essential role in protecting society. The ability to “Track and Trace Attackers” is crucial. Both of these approaches combat against insecurity on protocol and hardware level. We however propose a “Three Prong Defense” (a new terminology used by us). Our proposal is based on Software Engineering approach. We believe our research work will enhance awareness amongst the people both developers and acquirers to know how software engineering approach can contribute to the security. Our work will strengthen the willingness to say “no” to ad-hoc ism.