Application security covers the measures taken throughout an application's life cycle to prevent vulnerabilities, that is, gaps in the security policy of the application or the underlying system introduced by flaws in the design, development, deployment, upgrade, or maintenance of the application.
Companies use the Internet to expose products and services to the widest possible audience. To do so they must open the firewall ports that carry web traffic (most commonly 80 for HTTP and 443 for HTTPS), and the services and software reachable through those ports are usually developed for functionality first, not security first. To get the best of both worlds, security has to be designed in and integrated into each phase of the development life cycle alongside functionality.
How to Secure Web Applications?
Incorporating security into lifecycle
- Integrate security into application requirements
- Include information security professionals in software architecture and design reviews
- Threat modeling
- Use web application vulnerability assessment tools
Educate (issue awareness, training, etc.)
- Developers – software security best practices
- Testers – methods for identifying vulnerabilities
- Security professionals – software development and secure coding best practices
- Executives, system owners, etc. – understanding the risk and why they should be concerned
Web Application Vulnerabilities
Technical Vulnerabilities
- Result of insecure programming techniques (for example, building a query or a page from untrusted input)
- Mitigation requires code changes
- Detectable by automated tools / scanners
Logical Vulnerabilities
- Result of insecure program logic
- Most often due to poor decisions about what to trust (the client, a user-supplied identifier, a prior step in a workflow)
- Mitigation often requires design/architecture changes
- Detection often requires humans to understand the business context; a scanner sees a well-formed request and a normal response
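The following is an added example, not code from the original page, that puts the two classes side by side in one small invoice-lookup module. The technical flaw is a SQL injection that a scanner payload triggers and that a one-line code change fixes; the logical flaw is a query that is perfectly safe as SQL but trusts the caller to ask only for their own invoice, which a scanner cannot tell from legitimate use and which is fixed by moving the trust decision server-side. The database, table name, customers and amounts are constructed sample data; the function names are illustrative.

```python
"""
Added example: a technical vulnerability (SQL injection) and a logical
vulnerability (trusting a client-supplied identifier) in the same module,
each beside its fix. Runs offline against an in-memory SQLite database
populated with constructed sample data.
"""
import sqlite3


def _make_db() -> sqlite3.Connection:
    """Constructed sample data: two customers, one invoice each."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE invoices(id INTEGER PRIMARY KEY, owner TEXT, amount INTEGER);
        INSERT INTO invoices VALUES (1, 'alice', 120);
        INSERT INTO invoices VALUES (2, 'bob', 75);
        """
    )
    return con


# --- Technical vulnerability: insecure programming technique -----------------
def invoices_for_owner_vulnerable(con: sqlite3.Connection, owner: str):
    # Untrusted input is concatenated into the SQL text. A scanner payload such
    # as  ' OR '1'='1  turns the WHERE clause into a tautology and returns every
    # row. The fix is a code change in this function, not a redesign.
    sql = f"SELECT id, owner, amount FROM invoices WHERE owner = '{owner}'"
    return con.execute(sql).fetchall()


def invoices_for_owner_fixed(con: sqlite3.Connection, owner: str):
    # Parameterised query: the driver keeps data and code separate, so the
    # payload is matched as a literal owner name and no row is returned.
    return con.execute(
        "SELECT id, owner, amount FROM invoices WHERE owner = ?", (owner,)
    ).fetchall()


# --- Logical vulnerability: poor decision about trust -----------------------
def get_invoice_vulnerable(con: sqlite3.Connection, invoice_id: int):
    # The SQL is safe, but the logic trusts the caller: any authenticated user
    # can read any invoice by changing the id in the request (an insecure
    # direct object reference). There is no payload; the request is well
    # formed and the response is a normal 200, so a scanner sees nothing wrong.
    return con.execute(
        "SELECT id, owner, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


def get_invoice_fixed(con: sqlite3.Connection, invoice_id: int, current_user: str):
    # The trust decision moves server-side: the lookup is scoped to the
    # authenticated caller, so an id belonging to someone else simply does not
    # resolve. This is an authorisation design choice, not a syntax fix.
    row = con.execute(
        "SELECT id, owner, amount FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user),
    ).fetchone()
    if row is None:
        raise PermissionError("invoice not found or not owned by caller")
    return row


def demo() -> dict:
    """Exercise both flaws and both fixes; returns the observations."""
    con = _make_db()
    payload = "' OR '1'='1"
    injected = invoices_for_owner_vulnerable(con, payload)
    safe = invoices_for_owner_fixed(con, payload)

    # alice is logged in but requests bob's invoice (id 2)
    leaked = get_invoice_vulnerable(con, 2)
    try:
        get_invoice_fixed(con, 2, "alice")
        blocked = False
    except PermissionError:
        blocked = True

    return {
        "injected_rows": len(injected),   # both rows leak through the tautology
        "safe_rows": len(safe),           # payload treated as a literal name
        "idor_leaked_owner": leaked[1],   # bob's invoice returned to alice
        "idor_blocked": blocked,          # scoped query refuses the request
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping both in one file is that the same scanner run flags the first function and stays silent on the third: only a reviewer who knows that invoices belong to customers can say that `get_invoice_vulnerable` is wrong, which is why logical flaws need humans with context and usually a design change rather than a patch.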
The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. It publishes standard secure coding practices, a web application security testing checklist, and a mobile application security checklist, including:
- OWASP Top 10
- Web Application Security Testing Cheat Sheet
- Testing Checklist