TITLE:
Web Security and Log Management: An Application Centric Perspective
AUTHORS:
Andrew Mwaura Kahonge, William Okello-Odongo, Evans K. Miriti, Elisha Abade
KEYWORDS:
Web Security; Internet; Application Centric; Infrastructure Centric; Network Centric; Host Centric; Log Management and Monitoring
JOURNAL NAME:
Journal of Information Security, Vol.4 No.3, July 12, 2013
ABSTRACT:
The World Wide Web has been an environment with many security
threats and lots of reported cases of security breaches. Various tools and
techniques have been applied in trying to curb this problem; however, new
attacks continue to plague the Internet. We discuss risks that affect web
applications and explain how network-centric and host-centric techniques, as much
as they are crucial in an enterprise, lack the necessary depth to comprehensively
analyze overall application security. The tendency of web applications to span
a number of servers introduces a new dimension of security requirements
that calls for a holistic approach to protect the information asset regardless
of the physical or logical separation of its modules and tiers. We therefore
classify security mechanisms as either infrastructure-centric or application-centric
based on what asset is being secured. We then describe requirements for such
application-centric security mechanisms.