WAP
WAP can provide end-to-end security between the two endpoints. If the browser and the server explicitly express the need to use end-to-end security, they must communicate directly in order to be able to use the WAP protocols. Also, if the WAP proxy is trusted or it is known to locate in the same physical place as the WAP client, the end-to-end security can be achieved.[7]
When one specifies an URL, all the variables that the URL uses are accessible. To overcome this security risk, WML provides elements controlling access control. The most common security risks occur when a WAP client voluntarily requests a harmful service masking it as a legitimate service. This may occur by directly accessing a card in the service that has sensitive operations, by gaining access to variables in the service that have confidental information or by clearing the variables. In order to avoid this, the service should use scripts to check that the request comes from an allowed user. [4]
Tags: WAP