Building secure distributed Web applications is challenging. Your application is only as secure as its weakest link. With distributed applications, you have a lot of moving parts, and making those parts work together in a secure fashion requires a working knowledge that spans products and technologies.
You already have a lot to consider: integrating various technologies, staying current with technology, and keeping a step ahead of the competition. If you don’t already know how to build secure applications, can you afford the time and effort to learn? More to the point, can you afford not to?
If you already know how to build secure applications, are you able to apply what you know when you build .NET Web applications? Are you able to apply your knowledge in today’s landscape of Web-based distributed applications, where Web services connect businesses to other businesses and businesses to customers, and where applications offer various degrees of exposure; for example, to users on intranets, extranets, and the Internet?
Consider some of the fundamental characteristics of this connected landscape:
Web services use standards such as SOAP, Extensible Markup Language (XML), and Hypertext Transfer Protocol (HTTP), but fundamentally they pass potentially sensitive information using plain text.
Internet business-to-consumer applications pass sensitive data over the Web.
Extranet business-to-business applications blur the lines of trust and allow applications to be called by other applications in partner companies.
Intranet applications are not without their risks, considering the sensitive nature of payroll and Human Resources (HR) applications. Such applications are particularly vulnerable to rogue administrators and disgruntled employees.