Implement secure communications channels 1 | 2 | 3 | 4 | 5 | 6 Internally, the application had only trusted users, and all communication was trusted in the sense that all other users were �no security risk.” Challenge: There is a variety of typical Web application vulnerabilities that target communication problems, for example, insecure […]
|
2|
3|
4|
5|
6 |
 |
 |
Internally, the application had only trusted users, and all communication was trusted in the sense that all other users were �no security risk.”
Challenge: There is a variety of typical Web application vulnerabilities that target communication problems, for example, insecure implementations of session management (i.e., insecure session cookies), improper use of encrypted communication (i.e., SSL, key management). If the application moves to the cloud, all relevant aspects of the communication have to be evaluated. Implementation of secure communication channels has to be done the right way. This could either be implemented within the application itself by using secure frameworks or in front of the application in a so-called Web application firewall.
Applications are typically built from the ground up using programming languages, such as PHP, JAVA or .NET by an internal development team or a third-party vendor with “For Internal Use Only� in mind. There has been a general assumption by development teams that users can always be trusted, the application will be used “as intended,� and all information (i.e., user data) and content (i.e., product data from databases or ERP systems) are coming from safe and secure sources.
As cloud computing becomes more favorable among companies, they are forcing their applications out of the internal network into the cloud, causing them to be vulnerable to Web threats. If the application, or part of the application, is moved into the cloud, there will be typically less security within the infrastructure and several more users will be accessing it. Therefore, vulnerabilities turn up and hacks occur. The following are typical challenges enterprises face when moving an application to the cloud, prepared by security vendor Art of Defence.
Enterprise Networking Planet aims to educate and assist IT administrators in building strong network infrastructures for their enterprise companies. Enterprise Networking Planet contributors write about relevant and useful topics on the cutting edge of enterprise networking based on years of personal experience in the field.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
