Web applications are important, ubiquitous distributed systems whose current security relies primarily on server-side mechanisms. This paper makes the end-to-end argument that the client and server must collaborate to achieve security goals, to eliminate common security exploits, and to secure the emerging class of rich, cross-domain Web applications referred to as Web 2.0. In order to support end-to-end security, Web clients must be enhanced. This paper introduces Mutation-Event Transforms: an easy-to-use client-side mechanism that can enforce even fine-grained, application-specific security policies, and whose implementation requires only straightforward changes to existing Web browsers. This paper gives numerous examples of attractive, new security policies that demonstrate the advantages of end-to-end Web application security and of the proposed mechanism.


