Application security risks are pervasive and can pose a direct threat to business availability. Although application security is not a standalone security requirement, its growing potential to enable denial of service attacks makes it a highly important one. Applications are the primary tools that allow people to communicate, access, process and transform information. How can businesses reduce security risks around these applications? There are three front-line approaches: better training, more rigorous testing, and more stringent policies and procedures.
While these techniques can offer a first layer of protection, time-to-market pressures often interfere with such approaches being followed. Too often the “It won’t happen to me” mentality remains in place until a breach occurs that exposes known vulnerabilities.
The world works using Web-based applications and Web-based software. Because Web-based apps have proliferated, their vulnerabilities are the new attack vector. An attack on a Web-based application may yield information that should not be available, enable browser spying, identity theft, theft of service or content, damage to the corporate image or to the application itself, and the dreaded denial of service.
Why are Web applications vulnerable? Because HTTP is by its nature a clear-text protocol, attackers find it very easy to read and modify request parameters and execute functionality that the application never intended to expose.
There are known vulnerabilities that simple programming practices can reduce. However, I have been surprised to meet professional programmers who have never heard of them; their organizations have not provided the information and guidance needed for awareness. Fortunately, even if the organization is not fully aware of its vulnerabilities, the average developer can make a huge difference in avoiding the top 10 vulnerabilities of web applications.
While these application coding flaws are not all of the security coding flaws that could occur, they are the most serious ones for most organizations. If the methods for reducing or eliminating these Top Ten are applied when coding and testing applications, an application's security can be increased substantially. Referencing the Open Web Application Security Project (OWASP) is a great start to reducing risk.
A risk management program is essential for managing vulnerabilities. OWASP is reaching out to developers and organizations to help them better manage Web application risk. The following are the Top Ten OWASP security risks briefly explained:
There is a plethora of information available describing each of these risks, how to avoid them, and how to review code and test for them. While each of these Top Ten risks can be addressed through proactive training and testing, along with company security policies that address them, you can find many vital next steps for keeping your business safe now by checking out the OWASP web site.
You can read more about these exploits, download the testing guide, get developer cheat sheets, or find out where to attend a meeting, among other benefits. One of my favorite OWASP references is the Cross-Site Scripting explanation, because while there are a large number of XSS attack vectors, following a few rules can defend against the great majority of them!
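The core of those XSS rules is contextual output encoding: every piece of untrusted data is encoded for the exact place it lands in the page (HTML body, quoted attribute, or JavaScript string). The following is an added illustration, not code from the post or from OWASP; the page layout, the `render_*` helpers and the sample input are constructed for the example.

```python
import re

# Constructed sample input of the kind a profile or search field might receive.
UNTRUSTED = '"><script>alert(1)</script>'

def encode_for_html_body(value: str) -> str:
    """Rule 1: entity-encode untrusted data placed between HTML tags."""
    return (value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                 .replace('"', "&quot;").replace("'", "&#x27;"))

def encode_for_html_attribute(value: str) -> str:
    """Rule 2: untrusted data inside a *quoted* attribute gets the same entity
    encoding; the quote characters are what prevent breaking out of the value."""
    return encode_for_html_body(value)

def _js_escape_char(c: str) -> str:
    cp = ord(c)
    if c.isascii() and c.isalnum():
        return c
    if cp > 0xFFFF:  # outside the BMP: emit a UTF-16 surrogate pair
        cp -= 0x10000
        return "\\u%04x\\u%04x" % (0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF))
    return "\\u%04x" % cp

def encode_for_js_string(value: str) -> str:
    """Rule 3: untrusted data inside a JavaScript string literal is \\uXXXX-encoded
    for every non-alphanumeric character, so it can neither close the string
    nor terminate the enclosing <script> element."""
    return "".join(_js_escape_char(c) for c in value)

PAGE = ("<p>Hello, %s</p>\n"
        '<input type="text" value="%s">\n'
        "<script>var user = '%s';</script>")

def render_profile_vulnerable(name: str) -> str:
    """The 'before': the same page with the input inserted raw in all three contexts."""
    return PAGE % (name, name, name)

def render_profile_hardened(name: str) -> str:
    """The 'after': each insertion uses the encoder for its own context."""
    return PAGE % (encode_for_html_body(name),
                   encode_for_html_attribute(name),
                   encode_for_js_string(name))

def injects_script(page: str) -> bool:
    """Check used by the test: does an attacker-supplied <script> survive into the markup?"""
    return re.search(r"<script>alert\(1\)", page, re.IGNORECASE) is not None
```

Every encoder is per-context; reusing the HTML-body encoder inside a JavaScript string would still let `</script>` terminate the block, which is why the rules are kept separate.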