Secure Your Web Application Like Your Own House

An easy way to view web application security is by picturing your own house. It has a front door, a back door, windows, a number of rooms, a roof, boundary fences and different access routes. Only the terminology is different.

The Front Door.
The front door of any web application is the login page and, not surprisingly, it is the primary point of attack. A login page will consist of edit boxes to type a user name and password and a button to send these for the server to authenticate your access to the rest of the web application. Some login pages may provide a captcha to make sure you are a human being and not a mock-up of the same form on a different server. The mock-up form will cycle through variations of user names and passwords until it gains access to the application. This is known as cross-site forgery and is akin to a burglar forging the keys to your house.

Captchas are jumbled images of scrambled letters and numbers which are meant to be impossible for an automated script to read. Unfortunately, as the scripts become cleverer at reading these images, the captcha images need to become more complex and harder for humans to read. This frustrates end users, who repeatedly fail to gain access to their own account because the captcha was unreadable. The solution to this has been to replace the captcha with a secure token. The secure token is generated by joining the user name, password and any other available user information with a uniquely generated key. This concatenation is then encrypted and stored as a hidden field in the form, making it impossible for any mock-up form to make a successful login attempt.

The Windows and Back Door.
What are the windows of a web application? I don’t mean the operating system on the server. I mean the areas of each page which could be broken to force an entry. These areas are the edit boxes and text areas which allow a user to type information. An attacker will use edit boxes and text areas to enter commands which the database understands. If the software is not written securely, it is very easy to alter the command the database runs when it saves the data, so that it executes the commands supplied by the attacker. Typical attacks could result in the database being destroyed, data being stolen or user information being compromised. This type of attack is known as SQL injection.

Boundary Fences.
The boundary fences of a web page are any links, editable areas and the main URL address. The URL of the page itself and links embedded in the page can be copied and modified from another site so that commands can be executed by the server. JavaScript code can be inserted into editable areas to force data to be submitted to a rogue site or to gain control of the user’s web browser. Database commands can also be inserted into the main URL address. These attacks are known as cross-site scripting (XSS) attacks because they are scripts which direct the user to an attacker’s own web site. XSS attacks could be used to steal a user’s authenticated session identifier and use it to increase the level of access of another account they have already created.
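The defensive counterpart to script inserted into an editable area is to encode user text before it is written into a page, and to refuse user-supplied links whose scheme is not plain http or https. The following is an added example, not code from the original article; it uses only the Python standard library, and the `looks_like_script` helper is an assumption about what a site might flag for review, not a complete detector.

```python
import html
import re
from urllib.parse import urlsplit

SAFE_LINK_SCHEMES = {"http", "https"}

# Patterns a site might log for review when they appear in user text.
# Constructed for this example; escaping, not this scan, is what keeps the
# page safe, because a scan can always be bypassed by a variant it misses.
_SCRIPT_HINTS = re.compile(r"<\s*script|javascript\s*:|on\w+\s*=", re.IGNORECASE)


def looks_like_script(text: str) -> bool:
    """Return True if the text contains markup worth logging for review."""
    return bool(_SCRIPT_HINTS.search(text))


def render_comment(author: str, body: str) -> str:
    """Render user text inside HTML element content.

    Every character with meaning in HTML is replaced by its entity, so the
    browser displays the text instead of executing it.
    """
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def render_link(href: str, text: str) -> str:
    """Render a user-supplied link, or plain text if the scheme is unsafe.

    Only absolute http(s) links are allowed; javascript:, data: and relative
    links all fall back to escaped text in this example.
    """
    cleaned = "".join(ch for ch in href if ch not in "\t\r\n").strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in SAFE_LINK_SCHEMES:
        return html.escape(text)
    # quote=True also escapes quotation marks, which matters inside an attribute.
    return f'<a href="{html.escape(cleaned, quote=True)}">{html.escape(text)}</a>'


if __name__ == "__main__":
    # Constructed sample input, as it might arrive from a comment form.
    print(render_comment("eve", "<script>alert(1)</script>"))
    print(render_link("javascript:alert(1)", "click me"))
    print(render_link("https://example.com/?a=1&b=2", "site"))
```

Escaping belongs at the point of output, for each context the text lands in (element content and attribute values here); scanning input on the way in is useful for logging and review, but it is not what prevents the script from running.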

To prevent cross-site scripting, the software must scan all editable areas for code and also include a secure token in each URL and link. Just as holes and gaps in fences should be closed, all secure pages should check for the existence of an authenticated user.

We have all experienced bogus house callers who claim to be the gas man or the water company and say they need access to your house to turn off your supply. Web site attackers may contact you or any other users of your site by email, social network or telephone and trick you into revealing your login details. The pretext may be that your web site has already been hacked and they can fix it if you provide them with access. The only prevention is to constantly remind your users that they should not reveal their username and password to anyone and that you, as the site owner, will never ask them to reveal their password. You should provide links to allow your users to reset forgotten passwords by sending them an email link with an encrypted token to guarantee its source.
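The secure token described three times above (the hidden field on the login form, the token in each URL and link, and the token in the password-reset email) can be served by one routine. The following is an added example, not code from the original article. It departs from the article's description in two deliberate ways: the token is signed with an HMAC rather than encrypted, and it binds a session or user identifier, a purpose and an expiry time rather than the password, so the password never appears in a form field or a URL. The `SERVER_SECRET` value and the purpose strings are assumptions for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption for this example: a single server-side secret loaded from
# configuration. The placeholder value below must never be used for real.
SERVER_SECRET = b"placeholder-secret-replace-from-configuration"


def _sign(payload: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).digest()


def issue_token(subject: str, purpose: str, ttl_seconds: int,
                secret: bytes = SERVER_SECRET, now: Optional[float] = None) -> str:
    """Create a signed token for one subject (session id or user name),
    one purpose (e.g. "login-form", "link:/account/delete", "password-reset")
    and a limited lifetime. The token is safe to place in a hidden field,
    a URL or an email link because it carries no secret material itself."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "pur": purpose, "exp": int(now) + ttl_seconds}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = _sign(body, secret)
    return (base64.urlsafe_b64encode(body).decode()
            + "." + base64.urlsafe_b64encode(sig).decode())


def verify_token(token: str, subject: str, purpose: str,
                 secret: bytes = SERVER_SECRET, now: Optional[float] = None) -> bool:
    """Return True only if the token was signed by this server, is for the
    expected subject and purpose, and has not expired."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64.encode())
        sig = base64.urlsafe_b64decode(sig_b64.encode())
    except ValueError:
        return False  # malformed or tampered encoding (binascii.Error is a ValueError)
    # Constant-time comparison so a forger learns nothing from timing.
    if not hmac.compare_digest(sig, _sign(body, secret)):
        return False
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    if not isinstance(claims, dict):
        return False
    if claims.get("sub") != subject or claims.get("pur") != purpose:
        return False
    return isinstance(claims.get("exp"), int) and claims["exp"] > now


if __name__ == "__main__":
    # Constructed usage: the login page embeds a token tied to the visitor's
    # session, and the login handler checks it before touching credentials.
    form_token = issue_token("session-abc123", "login-form", ttl_seconds=900)
    print("login form token valid:", verify_token(form_token, "session-abc123", "login-form"))
    # A reset link for a user, valid for one hour; the user name is the subject.
    reset_token = issue_token("alice", "password-reset", ttl_seconds=3600)
    print("reset token valid for alice:", verify_token(reset_token, "alice", "password-reset"))
    print("reset token reused as form token:", verify_token(reset_token, "alice", "login-form"))
```

Binding the purpose into the token is what stops a token obtained from one place (a link, say) being replayed somewhere else (the login form); binding the subject stops a token issued to one session being used from another, which is the scenario the article describes when a mock-up form on another server tries to log in.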

Brute force entry.
The simplest and quickest method of entry for any burglar to break into a house is to use a crowbar to prise open a door, or smash a window with a brick.
The hi-tech version of this method is the Denial of Service attack (DoS). A DoS attack involves repeatedly targeting a web page until the web server runs out of memory and shuts itself down.
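One of the first defences against a single source hammering a page is to cap how many requests each client may make per unit of time, so that one client cannot consume the server's memory on its own. The following is an added example, not code from the original article; it implements a token-bucket limiter keyed by client address and replays a small constructed request log through it. The addresses, timings and limits are all made up for the demonstration.

```python
import time
from typing import Dict, List, Optional, Tuple


class TokenBucketLimiter:
    """Per-client token bucket: each client may burst up to `burst` requests,
    then is held to `rate_per_second` on average."""

    def __init__(self, rate_per_second: float, burst: int) -> None:
        self.rate = rate_per_second
        self.burst = burst
        self._state: Dict[str, Tuple[float, float]] = {}  # key -> (tokens, last seen)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        tokens, last = self._state.get(key, (float(self.burst), now))
        # Refill in proportion to the time elapsed, never beyond the burst size.
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[key] = (tokens - 1.0, now)
            return True
        self._state[key] = (tokens, now)
        return False


def replay(limiter: TokenBucketLimiter,
           requests: List[Tuple[float, str, str]]) -> Dict[str, Dict[str, int]]:
    """Feed (timestamp, client, path) records through the limiter and count
    how many requests from each client were served or rejected."""
    counts: Dict[str, Dict[str, int]] = {}
    for ts, client, _path in sorted(requests):
        bucket = counts.setdefault(client, {"allowed": 0, "rejected": 0})
        bucket["allowed" if limiter.allow(client, now=ts) else "rejected"] += 1
    return counts


def demo() -> Dict[str, Dict[str, int]]:
    """Constructed traffic: one client fires 20 requests inside a tenth of a
    second at the same page; another makes three requests a second apart."""
    flood = [(i * 0.005, "10.0.0.7", "/search") for i in range(20)]
    normal = [(float(i), "10.0.0.8", "/home") for i in range(3)]
    limiter = TokenBucketLimiter(rate_per_second=1.0, burst=5)
    return replay(limiter, flood + normal)


if __name__ == "__main__":
    for client, counts in demo().items():
        print(client, counts)
```

With a burst of five and a refill of one request per second, the flooding client gets its first five requests served and the remaining fifteen rejected, while the client browsing at a normal pace is never touched. A limiter like this protects the application process; a flood large enough to saturate the network link has to be absorbed further out, at the edge.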

As the number of burglars diminishes, the number of hackers is increasing. A burglar may have been after financial gain only, whereas a hacker’s motivation could be political, financial or just malicious damage. A house without any protection may never get burgled, but it is a certainty that an insecure web site will eventually be attacked.

5 Characteristics to Compare Before Purchasing a Probe Station Unit

The probe station unit has undergone numerous technological advances over the past decade. Researchers now have more options to choose from which is beneficial but can make it difficult to effectively compare unique probe station units prior to purchasing. This tool represents a significant financial investment so it is important to select the best solution for today and tomorrow. Fortunately, focusing on five key characteristics can make the comparison process easier and more accurate.

1. With the growing popularity of cryogenic measurements, time-consuming wiring of an on-wafer device is no longer necessary. Today’s platforms allow for visualization and electrical interrogation of multiple wafer-level devices. Unfortunately, this comes with a trade-off. Optical access to inflexible probing of a device can transfer heat loads from the probe arm to the device being tested. To minimize this effect, it is essential that the probe station unit has some type of shield or other technology to reduce thermal radiation on the sample. Multiple experiments have shown that even the smallest amount of thermal radiation transfer can alter the end results.

2. Another characteristic to compare before purchasing a probe station unit is the ability to make automated variable temperature measurements. Traditionally, probe arms are anchored to the sample stage and the probe tip will move as the sample stage warms. This makes it difficult to automate variable temperature measurements because the probes must be lifted and re-landed for any noticeable temperature transition. The ability to create stable tip position which allows for continuous measurements is critical. Not only does it ensure accuracy but it also provides increased measurement functionality.

3. The sample holders on the probe station unit must be compared as well. Most units offer a variety of sample holders to choose from. Popular options include a grounded sample holder, coaxial sample holder, and isolated sample holder, although several additional options are available as well. When comparing units, it is critical to ensure researchers can use the sample holder required to accurately complete their experiment.

4. The probe station unit’s vision system is critical to compare before purchasing. This system is responsible for distinguishing characteristics of the sample and properly landing probes. Depending upon the experiment, the level of detail provided by the vision system varies. Thus, researchers must consider current experiments as well as future needs when comparing vision systems.

5. The final characteristic to compare before purchasing a probe station unit is overall system versatility. Considering the significant upfront cost, it is imperative that researchers make the most of their unit by selecting an option which allows for successful research utilizing a variety of methods. As more probe station units become customizable or modular, overall flexibility and research capabilities continue to expand.

Considering the significant financial investment required to purchase a quality probe station unit, it is not surprising how much time and how many resources are used to accurately compare available options. By focusing on the five key characteristics, an accurate comparison can be completed quickly and easily.