Geeks With Blogs

Gizmox .NET HTML5 Blog Rich .NET HTML5 Web, Cloud & Mobile applications delivery

Rich internet applications are growing fast in the business and enterprise application landscape as more and more software managers and corporate decision makers elect to bring rich internet applications (RIAs) into their organizations. But along with the many advantages of rich internet applications over client/server deployments, organizations also find many new aspects they need to master and overcome. One of them is understanding the new security vulnerabilities of rich web-based applications and taking the right measures to protect their systems.

Whilst the measures taken to secure systems in the client/server culture are as relevant today as in the past, the nature of the browser client obligates us to go still further if we want to secure our RIA-based applications. That means understanding the numerous ways the information exposed in the browser can be used by a hacker with a mission to compromise the application or the information it contains. Rich internet applications can be broadly categorized into plug-ins and Ajax frameworks, which use JavaScript and either XML function libraries or JSON (the JavaScript approach in which we practically send JavaScript objects on the wire) to infuse HTML with the asynchronous desktop-like behavior we desire for our RIA. Plug-ins are proprietary software sandboxes that need to be installed into the browser environment. A third approach is HTML5, which brings some of the capabilities of the plug-in into the browser as native functionality, further empowering the pure Ajax solutions. Its use is steadily growing but it is still not fully supported by the browsers.

In both the plug-in and the Ajax models, a degree of sensitive information must be communicated between server and client, far more than in traditional synchronous web 1.0 applications, which demand very little of the client beyond capturing user input (the request) and presenting the screen delivered by the server (the reply). The smarter, asynchronous web 2.0, which is the basis of RIA applications, requests specific pieces of information, and this often requires the client to play a significant role in controlling program logic. Requests to the server bring back information more in the form of a data structure, e.g. a list of customers, as opposed to synchronous HTML in whose elements the list of customers is already embedded.

So the information that causes security vulnerabilities is not the information received as input from the user or output to the web page, but rather the various pieces of data that make the application tick. Understanding these data items and what opportunities they present to a user with malicious intent is the key to building secure web applications.

Those items are discussed in depth in the following guide, posted on Visual Studio Magazine, to understanding RIA security vulnerabilities and how to cope with them.

Posted on Sunday, August 28, 2011 12:53 AM Web Development


Comments on this post: Tips for IT Security in RIAs

# Security solutions
This post hits on some very valid points. IT security is quickly becoming a concern for all those that are involved with the subject matter. I have found a site that focused on providing free guides and whitepapers completely dedicated to all things related to internet security. It's definitely worth a look over, and I’m sure it can help anyone with a problem.
Left by IT Security Watch on Aug 29, 2011 7:32 AM

# re: Tips for IT Security in RIAs
I will try to follow your tips for my future projects. I am sure that I will have excellent results.
Left by Sell Timeshare on Feb 28, 2012 1:29 AM

# re: Tips for IT Security in RIAs
You are really good in this domain. It is a pleasure to read your blogs.
Left by Bouncy Castle Hire Surrey on Mar 04, 2012 5:53 AM

# re: Tips for IT Security in RIAs
I will follow your tips for sure. I guess that I will have excellent results.
Left by italy sailing on Mar 12, 2012 12:51 AM

# re: Tips for IT Security in RIAs
I will follow your tips. I am sure that I will have excellent results in the near future.
Left by timeline covers for facebook on Mar 24, 2012 3:28 AM

# re: Tips for IT Security in RIAs
I suggest you talk to the owner and turn suggesting that some form of WPA is the best, but WEP is better than nothing. Then, could provide the key security for tenants. In this way, everyone in the palace would have had access, but no drive-by snoops.
Left by cymbalta 30 mg on Jul 12, 2012 12:50 AM
