Web application security - the fast guide 1.1 | Page 12
Chapter 1 - Information Security overview
1.1 Information security definition
Figure 1: main threats affecting applications (diagram labels: Information; Access, Modify, Use, Destroy, Disclose, Affect availability)
Information, like any other asset, is subject to unintended or malicious
activities that might affect its confidentiality, integrity or availability; hence
defensive practices and activities should take place to help protect these
precious assets.
Other definitions might concentrate more on safeguarding information in its
different states: static (stored in databases or files), dynamic (moving over
different carriers), or while it is being processed.
1.2 Applying security
1.2.1 Design & Build it to be secure:
This approach might depend on building the application on a security-focused
framework, where security becomes part of the application itself, with minimum
risk of security vulnerabilities.
Sometimes this approach is reached through a special process, such as a
development methodology, or through a programming language that enforces security.
This approach might look perfect for new applications, but for old or legacy
applications it becomes unrealistic.
Figure 2: Design & Build it to be secured (diagram label: Secure Components framework)