Web servers often receive confidential customer information at the front end and store it at the back end. Attackers can gain access to such information by attacking the front end, the back end, or both, so both the front-end applications and the back-end database need to be secured. Intruders who compromise a server can cause serious damage to the customers whose information it stores, and thereby to the organization itself.
The Microsoft Security Development Lifecycle (SDL) is an example of how an organization can develop applications in a secure way and ensure that code updates and newly discovered vulnerabilities are dealt with appropriately to manage risk. The SDL emphasizes making security an integral part of the software development lifecycle (SDLC).
Consider the following scenario: At your company, web servers on the Internet allow customers to access a consumer web application for retail purchases. The web servers run Microsoft IIS software and use a back-end SQL database that stores confidential, personally identifiable information about the users of the application. However, the company is not satisfied with the security of the current software and the database and wants to develop them in-house for enhanced security. Based on your reading and additional research, write a 4- to 6-page paper, in APA style, recommending security tools and processes to manage your company's web application. Cover the following points:
- Explain two possible attack scenarios on the web servers. Explain the potential damages from each of the attacks.
- Clarify how and where your company can incorporate security measures into the SDLC to achieve these goals:
  - Develop more secure applications
  - Audit application security
  - Keep applications secure in light of newly discovered vulnerabilities and threats