WAP Security
The Wireless Application Protocol, or WAP, has been widely criticized by the media and corporations alike for its security shortcomings. What are the security issues with WAP? How can organizations overcome them? This section attempts to answer those questions by explaining where WAP excels and where it falls short. After we examine the security model of WAP 1.x, we will look at the improvements made in WAP 2.x.
In the WAP 1.x security architecture, two aspects of security need to be addressed:
- Transport-level security. This aspect deals with the communication between the client applications and the enterprise servers. This involves two protocols: WTLS is used over the air, while SSL or TLS is used over the wire. This change in protocols is the basis of the major WAP security problem.
- Application-level security. This aspect deals with the security of the client application. This involves digital signatures and encryption.
Together, these two security areas will address the security concerns that are typical in any security model, including authentication, data integrity, confidentiality, authorization, and nonrepudiation.
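The protocol change named in the transport-level item, and what application-level encryption adds on top of it, shown as an added example that is not part of the original text. The HMAC-based record layer is a toy stand-in for WTLS and SSL/TLS, and the key names, `gateway_forward` and the sample request are assumptions made for illustration.

```python
import hashlib, hmac, os

# Toy encrypt-then-MAC record layer built from HMAC-SHA256. It is a stand-in
# (assumption) for both WTLS and SSL/TLS records; not for production use.
def _keys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(12)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, record):
    enc_key, mac_key = _keys(key)
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("record failed integrity check")
    return _xor_stream(enc_key, body[:12], body[12:])

def gateway_forward(air_key, wire_key, record, seen):
    """WAP 1.x gateway: end the over-the-air session, start the wired one."""
    payload = unseal(air_key, record)   # the protocol change happens on cleartext
    seen.append(payload)                # whatever the gateway host can observe
    return seal(wire_key, payload)

def demo():
    air_key, wire_key, app_key = (os.urandom(32) for _ in range(3))
    msg = b"acct=1001;pin=4921"         # constructed sample request
    seen = []
    # Transport-level security only: each hop is protected, the gateway is not blind.
    at_server = unseal(wire_key, gateway_forward(air_key, wire_key, seal(air_key, msg), seen))
    # Application-level encryption: app_key is shared by client and server only.
    inner = seal(app_key, msg)
    relayed = gateway_forward(air_key, wire_key, seal(air_key, inner), seen)
    at_server_e2e = unseal(app_key, unseal(wire_key, relayed))
    return at_server, at_server_e2e, seen

if __name__ == "__main__":
    plain_hop, e2e_hop, seen = demo()
    print("gateway saw (transport only):", seen[0])
    print("gateway saw (app-level enc.):", seen[1].hex())
```

In both runs the server recovers the request, but only in the first does the gateway hold it in the clear.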
Note: Though this section focuses on WAP, most of the concepts and issues relate to other forms of thin client applications as well. Depending on the protocols and networks being used, other wireless Internet applications will be similar to either the WAP 1.x or WAP 2.x architecture.