Security considerations in the delivery of Web-based applications: a case study
The study outlines a number of security requirements that are typical of a host of Web-based applications using a case study of a real life online Web-based customer support system. It subsequently proposes a security solution that employs a combination of Web server security measures and cryptographic techniques. The Web server security measures include the formulation and implementation of a policy for server physical security, configuration control, users' access control and regular Web server log checks. Login passwords, in conjunction with public key cryptographic techniques and random nonces, are used to achieve user authentication, provide a safeguard against replay attacks, and prevent non-repudiatory usage of system by users. These techniques, together with the use of session keys, will allow data integrity and confidentiality of the customer support system to be enforced. Furthermore, a number of security guidelines have been observed in the implementation of the relevant software to ensure further safety of the system.