Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa.

Slides:



Advertisements
Similar presentations
This Area Will Not Be Seen Alliance Access Alliance Access.
Advertisements

Lecture plan Information retrieval (from week 11)
Software Engineering 1. Software development – the grand view 2. Requirements engineering.
Alternative Software Life Cycle Models By Edward R. Corner vol. 2, chapter 8, pp Presented by: Gleyner Garden EEL6883 Software Engineering II.
Economic Perspectives in Test Automation: Balancing Automated and Manual Testing with Opportunity Cost Paper By – Rudolf Ramler and Klaus Wolfmaier Presented.
Portal-Oriented B2B Application Integration Chapter 5 Sungchul Hong.
CS350/550 Software Engineering Lecture 1. Class Work The main part of the class is a practical software engineering project, in teams of 3-5 people There.
Approaches to ---Testing Software Some of us “hope” that our software works as opposed to “ensuring” that our software works? Why? Just foolish Lazy Believe.
Static VS Dynamic websites. 1-What are the advantages and disadvantages? 2- Which one should you choose and why?
 Advantages  Easy to learn  Graphical Advantages  Help and Support  Widely used  Software compatibility  Customisable  Customisable Hardware 
Build a CMS Website. The topics this chapter covers are: What is CMS ? What you can do with CMS The benefits and disadvantages of using a content management.
Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc
SEG Software Maintenance1 Software Maintenance “The modification of a software product after delivery to correct faults, to improve performance or.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.
Software Engineering Muhammad Fahad Khan
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 14Slide 1 Design with Reuse l Building software from reusable components.
Organizing Information Technology Resources
Software Engineering Reuse.
Reuse Standards Dr. Carma McClure Extended Intelligence, Inc. Copyright (c) 1998 by Extended Intelligence, Inc.
Figures – Chapter 16. Figure 16.1 Benefits of software reuse BenefitExplanation Increased dependabilityReused software, which has been tried and tested.
Object-oriented Software Engineering with Reuse Contracts Koen De Hondt, Carine Lucas, Kim Mens, Tom Mens, Patrick Steyaert, Roel Wuyts Programming Technology.
Institut Experimentelles Software Engineering Fraunhofer IESE Klaus Schmid Relating Product Line Adoption Mode and Transition Process.
 Is the scientific application of a set of tools and methods to a software system which is meant to result in high-quality, defect-free, and maintainable.
CSE 303 – Software Design and Architecture
Presented by Amlan B Dey.  Access control is the traditional center of gravity of computer security.  It is where security engineering meets computer.
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
CLIENT SERVER VS PEER TO PEER Networks. Lesson objectives Candidates should understand the advantages and disadvantages of: client server networks peer.
Basic Concepts Of CITRIX XENAPP.
111 Notion of a Project Notes from OOSE Slides – a different textbook used in the past Read/review carefully and understand.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Question To know that quality has improved, it would be helpful to be able to measure quality. How can we measure quality?
Component Technology. Challenges Facing the Software Industry Today’s applications are large & complex – time consuming to develop, difficult and costly.
CERN Equipment Management Integrates Safety Aspects EDMS Doc Eva Sanchez-Corral Mena, Stephan Petit / CERN 1 CERN Equipment Management Integrates.
MoRob – Modular Educational Robotic Toolbox Uwe Gerecke.
Manag ing Software Change CIS 376 Bruce R. Maxim UM-Dearborn.
Aspect-Oriented Requirements Engineering David Schaefer, Joao Araujo, Isabel Brito, Awais Rashid, Claudia Mesquita.
Software Classification. FatMax Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike.
Distributed Databases
Chapter 4 Decision Support System & Artificial Intelligence.
CASE (Computer-Aided Software Engineering) Tools Software that is used to support software process activities. Provides software process support by:- –
CS 1120: Computer Science II Software Life Cycle Slides courtesy of: Prof. Ajay Gupta and Prof. James Yang (format and other minor modifications by by.
An answer to your common XACML dilemmas Asela Pathberiya Senior Software Engineer.
Chapter 9  2000 by Prentice Hall. 9-1 Client/Server Computing.
CS223: Software Engineering Lecture 2: Introduction to Software Engineering.
Software Project Management
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
IT323 - Software Engineering 2 1 Tutorial 4.  List the main benefits of software reuse 2.
CS223: Software Engineering Lecture 18: The XP. Recap Introduction to Agile Methodology Customer centric approach Issues of Agile methodology Where to.
.NET and Webservices for Dummies Speaker: John J. Stark System Consultant, Integral Data Solutions.
Chapter 10 Software quality. This chapter discusses n Some important properties we want our system to have, specifically correctness and maintainability.
©Ian Sommerville 2007COTS-based System Engineering Slide 1 COTS-based System Engineering.
Extreme programming (XP) Advanced Software Engineering Dr Nuha El-Khalili.
System Software Laboratory Databases and the Grid by Paul Watson University of Newcastle Grid Computing: Making the Global Infrastructure a Reality June.
A Method for Improving Code Reuse System Prasanthi.S.
Software Reuse. Objectives l To explain the benefits of software reuse and some reuse problems l To discuss several different ways to implement software.
Best Way to Learn Selenium Course in Online. Looking to learn best testing tool? If your preference is selenium testing then your choice is perfect. The.
Chapter 16 – Software Reuse
Business in a Connected World
Jumpstart Solution: Novell Active Information Portal
IBM Start Now Host Integration Solutions
Teaching slides Chapter 1.
Software System Integration
How to Design and Implement Research Outputs Repositories
Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.
Copyright © JanBask Training. All rights reserved Become AWS Certified & Get Amazing Job Opportunities.
WDF Custom Driver Design Pattern
OU BATTLECARD: Oracle Data Integrator
OU BATTLECARD: Oracle SOA Training & Certification
Presentation transcript:

Customising Web Application Security Richard Wilson University of Melbourne, Australia Daniel Lowes University of Pretoria, South Africa

Structure What’s the problem? Security on the Web Custom implementations Disadvantages Advantages Applicability

What’s the problem? Too many web applications reinvent the wheel Limit applicability to a particular business / application / domain Ignores benefits of standard(ised) solutions Short-sighted development Little thought of integration No planning for extendibility

Security on the Web Two ways of implementing security: Framework / middleware based “Custom” Framework “Building Secure ASP.NET Web Applications”.NET Roles Principal Permission Demands Declarative Checks

What is a “custom” setup? Independent of application framework Eg: Written in C#, runs on Windows, *nix (Mono) Standard model Proven approaches to common issues Tested for correctness Optimised for performance A Pattern… Not? A random piece of downloaded code

Popular Disadvantages Can the pattern be trusted? That’s why it needs to be a pattern TIME and effort taken to set up Specialist knowledge / training Degree of expertise required But, cf. 600 pages of framework guidelines COST of development Support? Bug fixes? Patches? Have to maintain it ourselves

Advantages Fine-grain control Impossible to implement per-entity control in any existing framework Choice of implementation – ACLs, capabilities Independence Less reliance on external vendor’s interfaces Less maintenance Flexible Adapt to specific needs Faster, easier to maintain, cheaper

Does everyone need it? There are always trade-offs in software engineering A custom implementation will take more development time (though not as much as you might think) The higher degree of control may not even be required In which case: frameworks are the way

Does anyone need it? Implementing fine-grain security control in current frameworks is messy Specific to particular applications, thus hard to generalise an implementation But, the pattern can be applied across many domains More comprehensive security = less headaches, less expenditure, less chaos

In conclusion… Software engineers like patterns… Web application designers like security… Managers want everything to be cheaper and faster… Sound familiar? A standardised, customised security model is an intersection of these three

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.