Complexity – did you wrote a code for an app and saw how
many items needed to be addressed before even talking about security ?
Non standard – write code is based on the developer knowledge
and experience. There are many ways to implement even a simple concept like
salt password. There are no standards or
guide lines that every web developer is committed to.
3rd party – developers must rely on 3rd
part library servers and have no way to verify that they are all secure.
Design - Web app are design to server client with various content
and the goal is to sell or market them self or just share information. It means that security
comes as a secondary goal at the best case and that make total sense.
Easy – due to the comply of web apps it is not that difficult
to find holes or take advantage of innocent users and trick them to install a
male ware.
Heard to deal with - Organizations are struggling to secure
all their customer information and try to stay above water. The reason is they
have so many security concerns, product, procedure, logs, tasks, and much more which
makes it almost un manageable.
Genesis – web application security is still not a fully solid
process and some of the basics are still not decided and adopted as best
practices within the industry
No comments:
Post a Comment