Certified Application Security Engineer JAVA Study Guide

Chapter 01: Understanding Application Security, Threats, and Attacks
Application Concept
In beginning, websites are designed to be static. These static websites do not offer the number of services and integrated features as dynamic websites we see now days offer, so they were not supposed to require complex security and authentication. Even though, if someone gains the access to the code running on a website, he could only modify the content on the website. Compromising the running code will not lead to compromise the security of entire platform, although these websites require security but comparatively more layers of security are required for dynamic applications.
Today, developing websites and applications are dynamic, i.e. comprised of several integrations with one another. These integrations include databases, APIs, plugins and other entities. These dynamic applications offer different services and features, hence requires higher privileges. Let’s say, if an application has privilege to access the storage of your device, the compromise of such application will compromise the storage too. Best practices and deployment of security devices such as firewalls protect the ports, operating system along with several additional layers of security and defensive techniques to secure these type of dynamic applications.