Secure Of Technology
Tehnopedia.net - An easy way to view web application security is by picturing your own house. It has a front door, a back door, windows, a number of rooms, a roof, boundary fences and different access routes. Only the terminology is different.
The Front Door.
The front door of any web application is the login page and, not surprisingly, it is the primary point of attack. A login page will consist of edit boxes to type a user name and password and a button to send these for the server to authenticate your access to the rest of the web application. Some login pages may provide a captcha to make sure you are a human being and not a mock-up of the same form on a different server. The mock-up form will cycle through variations of user names and passwords until it gains access to the application. This is known as cross-site forgery and is akin to a burglar forging the keys to your house.
Captchas are jumbled images of scrambled letters and numbers which make it impossible for an automated script to read. Unfortunately, as the scripts become cleverer at reading these images, the captcha images need to become more complex and harder for humans to read. This causes frustration for the end-user, who has repeated failed attempts at gaining access to their account because the captcha was unreadable. The solution to this has been to replace the captcha with a secure token. The secure token is generated by joining the user name, password and any other user information available with a uniquely generated key. This concatenation is then encrypted and stored as a hidden field in the form, thus making it impossible for any mock-up form to make a successful login attempt.
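The hidden-field token above, written out as an added example (this is not code from the original post): the server joins the user name, session id, issue time and a nonce under a key that only the server holds, and rejects any submission whose token does not verify. It uses an HMAC tag instead of the encryption the post mentions; the names, the 10-minute lifetime and the `session_id` binding are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side key that a mock-up form on another server never sees
# (generated at start-up here; a real deployment loads it from configuration).
SERVER_KEY = secrets.token_bytes(32)


def issue_form_token(username: str, session_id: str,
                     ts: Optional[int] = None, key: bytes = SERVER_KEY) -> str:
    """Value the server writes into the login form's hidden field.

    The user name, session id, issue time and a fresh nonce are joined and
    tagged with an HMAC under the server key, so the token is bound to this
    user, this session and this moment.  Fields must not contain '|'.
    """
    ts = int(time.time()) if ts is None else ts
    payload = f"{username}|{session_id}|{ts}|{secrets.token_hex(8)}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_form_token(token: str, username: str, session_id: str,
                      now: Optional[int] = None, max_age: int = 600,
                      key: bytes = SERVER_KEY) -> bool:
    """Accept a submitted form only if its hidden-field token is genuine,
    unexpired, and matches the session that is posting it."""
    try:
        tok_user, tok_session, ts_str, nonce, tag = token.split("|")
        ts = int(ts_str)
    except ValueError:
        return False  # malformed: wrong field count or non-numeric time
    payload = f"{tok_user}|{tok_session}|{ts}|{nonce}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # tag does not verify: forged or tampered token
    now = int(time.time()) if now is None else now
    if not 0 <= now - ts <= max_age:
        return False  # expired (or issued in the future)
    # Bind the token to the session that is submitting it.
    return tok_user == username and tok_session == session_id


if __name__ == "__main__":
    tok = issue_form_token("alice", "sess-1")
    print("genuine form:", verify_form_token(tok, "alice", "sess-1"))
    fake = issue_form_token("alice", "sess-1", key=b"guess")  # mock-up server
    print("mock-up form:", verify_form_token(fake, "alice", "sess-1"))
```

A mock-up form can copy the hidden field's name but not produce a value that verifies, because it never holds `SERVER_KEY`; a replayed token also fails once it ages out or is posted from another session.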