Web Site Design and Architecture
The design and architecture of web sites and the supporting application software and systems is an important step in a well-managed development programme.
Design reviews can be used to identify security-related problems with the fundamental structure (architecture) that no amount of secure coding will solve. It's not just about adding network and application firewalls and intrusion protection systems (IDS). In many cases a better (less complex, more robust) design can be achieved by considering security issues such as authentication, authorisation and integrity, and the privacy issues of data subjects themselves.
Even if you, or your development agency, don't have a formal process, you should try to build reviews into the project's requirements and ensure that software designs, architecture and data flow diagrams are itemised deliverables that require sign-off. Then any changes to these should be re-assessed, agreed and approved.
Posted on: 21 July 2009 at 09:32 hrs

A good example of achieving increased security through application design would be URL dispatchers/rewriting. In a typical LAMP setup, URLs are constructed out of operating system paths, which has a side effect of revealing application design. URL rewriting makes them truly universal resource locators and nothing more than that.
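
The following is an added example, not part of the original post or the comment above. It sketches a URL dispatcher whose route table is the only thing a request path is ever resolved against, so the URL says nothing about scripts or directories on disk. The handler names, routes and sample paths are hypothetical and constructed for illustration.

```python
import re


# Hypothetical handlers; the names are illustrative, not from the original page.
def list_articles():
    return 200, "article index"


def show_article(article_id):
    return 200, f"article {int(article_id)}"


# The route table is the complete public URL surface: an allowlist that can be
# itemised and signed off in a design review alongside the data flow diagrams.
ROUTES = [
    (re.compile(r"/articles/"), list_articles),
    (re.compile(r"/articles/(?P<article_id>[0-9]{1,9})/"), show_article),
]


def dispatch(path):
    """Resolve a request path against the route table only, never the filesystem."""
    for pattern, handler in ROUTES:
        # fullmatch: the whole path must match, so trailing junk is rejected.
        match = pattern.fullmatch(path)
        if match:
            return handler(**match.groupdict())
    # Default deny: script names, include files and traversal strings all get
    # the same answer, so responses reveal nothing about the code layout.
    return 404, "not found"


if __name__ == "__main__":
    # Constructed sample request paths.
    for sample in ("/articles/", "/articles/42/", "/articles/view.php",
                   "/includes/db.inc", "/articles/../../etc/passwd"):
        print(sample, dispatch(sample))
```
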