Inurl draft guidelines for mandating the use of ipsec
You can obtain cards that are compliant with Windows for Smart Cards from a variety of sources. You can develop smart card applications by using systems such as Microsoft Visual Basic and Microsoft Visual C++. This capability makes it possible for the card to keep some secrets, such as the private keys associated with any certificates it holds. The card itself actually performs its own cryptographic operations. Some of the main areas that are commonly overlooked when auditing Web applications include: input validation and sanitization, error checking and handling, and vigorous session management. The secret to creating secure Web applications lies with implementing multi-tiered solutions. A number of vendors are providing support and other standards for Windows for Smart Cards. Sun Microsystems has published and currently maintains specifications for both Windows for Smart Cards and a “Java Card.” Gemplus and Schlumberger also support Windows for Smart Cards, in addition to their own card operating system, the “Java Card” specification.
According to Gemplus, a leading smart card manufacturer, companies have reduced their technical support calls by 40 percent by implementing smart cards that perform automatic authentication, which previously was an error-prone manual process.
Credit card vendors, cellular phone vendors, United States and European banks, credit agencies, and debit agencies are examples of organizations that are tailoring smart card applications and procedures geared exclusively to the services they offer and the companies with which they do business.
The two largest vendors of operating systems for smart cards are MAOSCO (an industry consortium) and Microsoft.
This chapter introduces the concepts necessary to audit Web applications.
The Web application would have to be set up in such a way that it acts as a server for all requests to the client.