Network Monitoring and Security

By Victor Epand

The world of computer security is a constantly evolving one. It seems as if there is a continuous stream of exploits being found in one program or another. It is pretty much impossible to be fluent in all aspects of computer network security.

Due to the nature of computer security and its many, many aspects one should almost choose a niche and try to specialize in it. One such area is web application security in its many forms. Why do I say in its many forms? Well not all web applications are written in the same language. Nor do they all share the same configuration or supporting back end programs.

Web application security is an interesting area to specialize in actually, and also a good one. There will always be web applications as the Internet largely evolves around web sites with a myriad of various applications. These applications are of course designed for the potential client to use and interact with. Simply because the public face of a company on the Internet was created by professional programmers does not mean it is bug free. Quite the contrary as we all know. It is well nigh impossible to write perfect code regardless of the language used.

This leads to another facet of web application security. Quite often a large amount of web applications are coded in house with little in the way of quality assurance. The company programmer will likely simply be happy to have finished the project on time, and has little leeway in assigning time for code audits. There are some tools out there that will do code audits, but many of them are prone to a high volume of false positives. The ones that are good are almost always prohibitively expensive.

All of us non programmers can appreciate, I think, the difficulty of writing good code. It is especially true when it comes to an enterprise class software program and the thousands of lines of code that make up such a program. There is another side to this as well though. While the programmer may have an excellent grasp of the programming life cycle, they may not always have a firm grasp of the protocol they are generating code for. This is where a firm grasp of the protocol comes in handy as well. While maybe not critical, it certainly helps to know the in’s and out’s of the protocol in question.

So the programmer is now finished writing the web application that he or she was tasked with. It is now time to test it out and try to find any flaws or glitches in it. What would be the best way to do that? Well good question actually. That brings us back to the purpose of this article series. Testing out the brand new web application is best done using an HTTP proxy. This truly excellent tool will allow the developer to interact with the web application in ways that a typical web session would not recreate.

About The Author

Victor Epand is an expert consultant for computer parts and suits & ties. Shop here to find computer parts and supplies, formal suits & ties, and http proxy.