As web applications are becoming increasingly complex and dynamic, so are the
malicious actions taken on them. The security of a web application or service is vital to maintaining
the proper function of the application, protecting its users, and protecting the data
transferred through or stored by the web application. Every application has vulnerabilities, and
being able to detect them and protect against threats is the first step in protecting information
through web application security.
In an effort to raise awareness of threats to software, and to enhance the security of
applications, the Open Web Application Security Project (OWASP) started the OWASP Top Ten
Project that “represents a broad consensus about what the most critical web application security
flaws are”. This project details the most common risks to applications, educating others on how
to identify security vulnerabilities and steps to prevent, or mitigate, threats to web applications
and software. As of 2013, OWASP has identified the following as the top 10 web application
security risks:
1. Injection
2. Broken Authentication and Session Management
3. Cross-Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards
This list does not include all of the risks to web applications, and not all of these risks pertain to
individual applications.
The purpose of this blog is to provide knowledge and understanding of the web application
security standards today. Follow us as we answer the questions relevant to securing
information on the World Wide Web:
• What is a threat?
• How do you detect breaks in the security of a web application/service?
• What steps can be taken to protect information?
Knowing the web application, and knowing the users, will help identify relevant risks. The most
powerful tool in securing an application is to continuously improve the security.
A collaboration from 3 SPSU students, enrolled in IT6753, on Web Application Security.
Sunday, February 16, 2014