Web Commerce Security Design and Development by Ronald L. Krutz, Hadi Nahari

Basic Definitions

In this section we define basic concepts that will help you better understand the terminology used in the rest of this chapter.

Target

A target system is defined from a hacker's perspective: That is, it is your system! It is referred to as a “target” because it is targeted by hackers. Although the term “target” is singular, all of your system components, including hardware, networking infrastructure, applications, frameworks, storage mechanisms, and the sensitive data they contain, together serve as the target for your adversaries. As it pertains to the application space, the two important classes of target are:

  • Native applications: Programs that run directly at the operating system level and do not depend on an intermediary runtime environment such as a Java Virtual Machine (JVM), a Microsoft .NET Common Language Runtime (CLR), or any other runtime to execute. Native applications can run standalone and could potentially have more privileges than their Web application counterparts.
  • Web apps: Programs that run inside a JVM, a CLR, or any other runtime, and depend on the services that are made available to them by the runtime, and therefore cannot run standalone.

Threat

As we noted in Chapter 4, security is a function of threat: Without a threat, security becomes an abstract concept that may not be of practical value to you. A threat is the potential for the threat-source to exploit a specific vulnerability or mount an actual attack. A threat-source ...
