Web application security - the fast guide 1.1 | Page 13
Chapter 1 - Information security overview
1.2.2 Verify it is secure:
This approach relies on vulnerability analysis: the application is investigated for different classes of vulnerabilities to make sure that the main, well-known ones are covered.
The next step in applying security through this approach is to fix the vulnerabilities that were found and reinforce the application.
This approach can be useful for new systems as well as legacy ones.
Vulnerability analysis can be done with tools or even manually, depending on the vulnerability being analyzed.
Vulnerability analysis can be done using:
o Static methods, such as auditing the application source code.
o Dynamic methods, where the analysis is done at run time by observing the behavior of the system.
Using the static method may give the maximum coverage of most existing vulnerabilities, but it is prone to false alerts; with the dynamic method we can be sure that a reported finding is correct, but there is no guarantee of complete coverage of the vulnerabilities.
Figure 3: security by verification (analyze, identify and fix)
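As an added illustration of the trade-off described above (constructed example code, not from the guide), the script below runs a toy static audit and a toy run-time observation over the same constructed three-handler application: the static pass flags all three handlers including the safe one (a false alert), while the dynamic pass clears the safe one but never sees the handler that the test requests do not exercise. The application, its handler names and the sink name run_query are assumptions.

```python
import ast
# Constructed toy application (not from the book): three request handlers
# that build a query string and hand it to the sink run_query().
APP_SOURCE = '''
ALLOWED_COLUMNS = {"name", "email"}
def run_query(sql):
    return sql  # stand-in for a database call
def lookup_user(user_id):  # unsafe: raw input is concatenated into the query
    return run_query("SELECT * FROM users WHERE id = " + user_id)
def sort_users(column):  # safe: input is replaced unless it is on the allowlist
    if column not in ALLOWED_COLUMNS:
        column = "name"
    return run_query("SELECT * FROM users ORDER BY " + column)
def delete_user(user_id):  # unsafe, but no test request ever reaches it
    return run_query("DELETE FROM users WHERE id = " + user_id)
'''

def static_scan(source):
    """Static method: flag every function passing a non-literal argument to
    run_query(). Full coverage, but it cannot see the allowlist check in
    sort_users, so that finding is a false alert."""
    findings = set()
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        for node in ast.walk(fn):
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                    and node.func.id == "run_query"
                    and not isinstance(node.args[0], ast.Constant)):
                findings.add(fn.name)
    return findings

def dynamic_scan(source, requests):
    """Dynamic method: execute the app with test requests and watch the sink.
    An alert fires only when the raw request value reaches the query intact,
    so sort_users is cleared, but delete_user is never executed (coverage gap)."""
    ns = {}
    exec(source, ns)  # load the toy app; its functions resolve run_query in ns
    original, current, findings = ns["run_query"], {}, set()
    def hooked_sink(sql):
        if current["value"] in sql:  # untrusted input reached the sink intact
            findings.add(current["handler"])
        return original(sql)
    ns["run_query"] = hooked_sink  # instrument the sink before exercising the app
    for handler, value in requests:
        current.update(handler=handler, value=value)
        ns[handler](value)
    return findings

TEST_REQUESTS = [("lookup_user", "42"), ("sort_users", "created_at")]
```

Comparing the two result sets shows the false alert (sort_users, static only) and the coverage gap (delete_user, missed by the dynamic run).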
1.2.3 Protect it:
This approach depends on building a run-time environment that helps protect the application's vulnerabilities from being exploited. It can be applied through two methods:
1- A proxy approach that isolates and detaches the application from other components in the system, which minimizes the ability to exploit its vulnerabilities.
2- Embedding monitoring capabilities in infrastructure components (browser, language runtime) to enable monitoring of behavior and to isolate and quarantine any threat.