Chapter 12. Securing Applications
IN THIS CHAPTER
Creating a WML application usually means that you will be sending and receiving data across the ubiquitous Internet as the user takes his browser with him from place to place. You should be aware of the inherent insecurities in that environment and the facilities that WAP provides you to confront them.
One of the underlying tenets of any capitalist economy is the desire to acquire money from others. You are probably only interested in creating WML applications that lead potential customers to this end. You want to make sure that they can trust handing sensitive information and even cash to your company through your very simple WML interface. Not only do you need to present your application so that users can trust it, you have to live up to that trust.
This chapter will lead you through the basics of Internet application security and the architecture within WAP for thwarting threats to the revenue from your customers. I will also show you ways to authenticate and manage sessions with your users and the portions of WML that specifically address those issues.
Note
This chapter is not intended to be an authoritative guide to Web application security; it is simply an introduction. For a thorough treatment of the topic, please pick up a more focused book such as Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Second Edition, published by Sams.