Web Application and Database Security
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. This customization can take significant effort, and the rules need to be maintained as the application is modified.
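As an added illustration (not code from the original page), the sketch below applies two kinds of rules to a request's query string: generic signatures for the attack classes named above, and application-specific rules stating what each parameter may contain. The `/orders` endpoint, its parameters, the rule names and the sample requests are constructed assumptions, and a real WAF would also inspect bodies, headers and cookies.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Generic signatures: patterns for the attack classes the text names.
GENERIC_RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
]

# Application-specific rules for a hypothetical app: for each known path,
# the only parameters it accepts and the exact format of each value.
APP_RULES = {
    "/orders": {"id": re.compile(r"\d{1,10}"), "sort": re.compile(r"date|total")},
}

def inspect(url):
    """Return (verdict, reasons) for the query string of one request URL."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes values, so rules see what the application sees.
    params = parse_qsl(parts.query, keep_blank_values=True)
    reasons = []
    for name, value in params:
        for rule_id, pattern in GENERIC_RULES:
            if pattern.search(value):
                reasons.append(f"{rule_id}:{name}")
    schema = APP_RULES.get(parts.path)
    if schema is not None:  # customized rules exist for this endpoint
        for name, value in params:
            allowed = schema.get(name)
            if allowed is None:
                reasons.append(f"unexpected-param:{name}")
            elif not allowed.fullmatch(value):
                reasons.append(f"bad-format:{name}")
    return ("block" if reasons else "allow", reasons)

# Constructed sample requests, not taken from any real log.
SAMPLES = [
    "/orders?id=42&sort=date",
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/search?q=x%27%20OR%20%271%27%3D%271",
    "/orders?id=42abc&sort=date",   # no generic signature matches this
    "/orders?id=42&debug=1",        # parameter the application never defined
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url), url)
```

The last two samples pass every generic signature and are blocked only by the per-application rules, which is also why those rules have to be updated whenever the application's parameters change.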
Database security is the set of systems, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks, or inadvertent mistakes made by authorized individuals or processes. Database security is crucial because it protects the most important information a company owns, including client information, financial information, and employee information. Three ways of ensuring database security are Identification and Authentication, Authorization, and Accountability. Identification and Authentication determines who may log into a system and what areas they are able to access and control. Authorization determines what exactly the user can do while logged into the system, and Accountability shows the administrator what the user did while logged into the system.
Database security is also a specialty within the broader discipline of computer security. Database security has become more critical as networks have become more open. Database security begins with creating and publishing appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher-level policies and governmental regulations.
Content filtering is commonly used by organisations such as offices and schools to prevent computer users from viewing inappropriate web sites or content, or as a pre-emptive security measure to prevent access to known malware hosts. Filtering rules are typically set by a central IT department and may be implemented via software on individual computers or at a central point on the network such as the proxy server or internet router. Depending on the sophistication of the system used, it may be possible for different computer users to have different levels of internet access.
Content filtering software is sometimes also used on home computers in order to restrict access to inappropriate websites for children using the computer. Such software is typically described as parental control software.