“Client-Heavy” Web Apps and Implications for Security
Modern web applications and websites behave very differently from those of just a few years ago. I want to highlight two of the most important changes in how the web works, both of which have significant implications for security.
Change 1: Execution moves to the Client
Modern web apps have become very “client-heavy” when it comes to code execution. Prior generations of web applications performed code execution and data storage on the server, and sent <html> to the client for rendering. Back then, our client devices were not powerful and acted as simple display screens for the web.
What does this mean for security? First, when you think about protecting your web app, you had better know what is being executed on the client. Second, your web app is storing potentially confidential app data on the client. Network- or server-based security products have no idea what is getting executed on your client.
Change 2: Explosion in Third Party Integrations
What does this mean for security? If any of those third-party servers is compromised, your user is compromised, so web app owners need to understand and restrict what actions third parties are able to perform on their users' devices.
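One way to start on both points above (knowing what executes on the client, and restricting third parties) is to inventory the third-party script origins a page loads and derive an allowlist from them. This is an added example, not code from the original post: it uses Content-Security-Policy and Subresource Integrity, standard browser mechanisms the post does not name, and the sample HTML, hostnames and function names are constructed for illustration.

```javascript
// Constructed sample page: one first-party script, three third-party scripts
// (one pinned with Subresource Integrity), and one inline script.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//analytics.example.org/t.js" async></script>
<script src="https://cdn.example.net/widgets/chat.js"></script>
<script>console.log("inline");</script>
</head></html>`;

// Read one quoted attribute value from a tag's raw attribute string.
// Simplification: a regex is enough for this sample, not for arbitrary HTML.
function attr(attrs, name) {
  const m = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(["'])(.*?)\\1`, "i").exec(attrs);
  return m ? m[2] : null;
}

// Returns { origin: { scripts: [paths], missingSri: count } } for every
// script loaded from an origin other than the page's own.
function inventoryThirdParty(html, pageUrl) {
  const page = new URL(pageUrl);
  const byOrigin = {};
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = attr(attrs, "src");
    if (!src) continue;                     // inline script: no remote origin
    const url = new URL(src, page);         // resolves relative and // URLs
    if (url.origin === page.origin) continue;
    const entry = byOrigin[url.origin] ||
      (byOrigin[url.origin] = { scripts: [], missingSri: 0 });
    entry.scripts.push(url.pathname);
    if (!attr(attrs, "integrity")) entry.missingSri += 1;
  }
  return byOrigin;
}

// Build a script-src directive that permits only the origins observed.
function buildScriptSrc(inventory) {
  return ["script-src", "'self'", ...Object.keys(inventory).sort()].join(" ");
}

const inv = inventoryThirdParty(SAMPLE_HTML, "https://shop.example.com/cart");
console.log(inv);
console.log(buildScriptSrc(inv));
```

The allowlist limits where scripts can be loaded from, not what an allowed script does once it runs. Scripts counted under `missingSri` can change on the third-party server without the page detecting it.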
Drop me a note and let me know if you want to know how Tala can help you defend your web apps and users against advanced attacks.