Web Application Security

Why Web Application Security?

There is no doubt that every business is integrating web applications, or has already done so, to allow employees and customers to interact on a daily basis. This can be an employee checking his or her email or a customer placing an order through a shopping cart application. The first problem is that we cannot distinguish between a normal user and a criminal one. The second problem is that applications are written by humans and are therefore susceptible to bugs and errors.

The Threats

Most of the threats are errors made while coding the application and wrong assumptions by the programmer about how the application will be executed within the browser. Other threats rely on weak patch management or system misconfiguration. As a reference we are using the Top 10 threats that were defined by the OWASP organization for 2010-2013:

Year 2010 Top 10

A1: Injections
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

Year 2013 Top 10

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

The Top 10 is a good way for companies to get started with web application security, but you should not stop there: the threat landscape is changing constantly, and so should your security.

The Solution

2Secure has developed a three-stage solution that helps mitigate these threats:

√ Perform risk assessments BEFORE & AFTER the web application is in production.
√ Based on the results from the risk assessment, implement mitigating controls.
√ Integrate safeguards during the Software Development Life Cycle (SDLC) BEFORE the application is published on the Internet or Intranet.


Resources

Penetration Testing Audit - Case Study
External Network & Web Application Assessment Demo

To get started, submit your request today!

"An ounce of prevention is worth a pound of cure."

Call An Expert 646-755-3933
Our Clients Love Us

Douglas Haddad AFN

Accurate, Safe & Secure
It is the smallest things that can do the most damage. In the realm of security there is no greater asset than someone who can protect you from the things you didn't even know existed. 2Secure Corp does an amazing job at keeping our operations safe and secure, at a price that works for us. Whenever we had any emergency it was dealt with with the immediacy we have grown to expect, and the solutions provided were both accurate and cost-effective for our organization.

Advanced Funds Network LLC
Douglas A. Haddad
Managing Partner