how to guide: secure web apps
Secure web applications
Addressing web application vulnerabilities requires a combination of secure coding and technical precautions
Long gone are the days of static web pages. Today, even the simplest of websites includes a degree of interactivity. That is good news for both users and website operators, but web applications – as all interactive websites can be described – also present security vulnerabilities. And as business websites increasingly handle sensitive customer data such as credit card details and link into critical business applications, it is essential that these vulnerabilities are identified and addressed. The five most common web application vulnerabilities, as identified by the Open Web Application Security Project (OWASP), are:
SQL injection: when a malicious piece of code is injected into a web application through a data entry field, tricking the web application into executing it.
Cross-site scripting: when a web page is hijacked to execute code from a malicious site, allowing hackers to circumvent the security defences of the user’s browser.
Broken authentication and session management: when weaknesses in the way that a website authenticates users or maintains their user session are exploited to steal passwords or other sensitive data.
Insecure direct object references: when the URLs of web pages can be reverse engineered to access pages or data that should be secure.
Cross-site request forgery: when a logged-in user’s browser is tricked into sending malicious requests to a website, which are taken by the web server to be legitimate.
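The following is an added example, not code from the article or from F5, showing what the secure-coding side of each of the five OWASP items looks like in practice. It uses Python's standard library only: an in-memory SQLite table, a constructed invoice table and a plain dictionary standing in for a server-side session are all assumptions made for the example, as are the function names. For SQL injection it places the vulnerable string-concatenation form beside the parameterised form so the difference in behaviour on the same input can be observed.

```python
import html
import hmac
import secrets
import sqlite3


# Constructed in-memory user table (assumed schema, not from the article)
# so that the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn


# 1. SQL injection, vulnerable form: the submitted values are spliced into
#    the statement text, so quote characters in the input change the
#    query's logic instead of being compared as data.
def login_vulnerable(conn, name, password):
    query = ("SELECT COUNT(*) FROM users WHERE name = '" + name
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


# 1. SQL injection, hardened form: placeholders bind the input as data; the
#    database never parses it as SQL, whatever characters it contains.
def login_safe(conn, name, password):
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password)).fetchone()
    return row[0] > 0


# 2. Cross-site scripting: encode user-supplied text before placing it in
#    HTML so that any markup in the input is displayed, not interpreted.
def render_comment(text):
    return "<p>" + html.escape(text, quote=True) + "</p>"


# 3. Session management / 5. cross-site request forgery: a random per-session
#    token that must be echoed back with every state-changing request.
#    A request forged from another site cannot know the token.
def issue_csrf_token(session):
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def check_csrf(session, submitted):
    expected = session.get("csrf")
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time comparison so the token cannot be recovered via timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


# 4. Insecure direct object reference: the record id in the URL is not an
#    authorisation decision; ownership is checked against the logged-in user.
INVOICES = {  # constructed sample data
    101: {"owner": "alice", "total": 40},
    102: {"owner": "bob", "total": 75},
}


def get_invoice(session_user, invoice_id):
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != session_user:
        return None  # identical response for "missing" and "not yours"
    return record
```

Feeding the same tautology-style password to both login functions is the useful check: login_vulnerable accepts it because the quote characters rewrite the WHERE clause, while login_safe rejects it because the value is only ever compared against the stored password. The get_invoice function deliberately returns the same result for a non-existent record and for another user's record so that the response does not reveal which ids exist.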
Preventing these vulnerabilities from ever occurring requires software developers to