A Guide to Building Secure Web Applications version 1.1

    Date: 24 Sep 2002
    Posted By: Anthony Pell
    We all use web applications every day whether we consciously know it or not. That is, all of us who browse the web. The ubiquity of web applications is not always apparent to the everyday web user. When one visits cnn.com and the site automagically knows you are a US resident and serves you US news and local weather, it's all because of a web application. When you transfer money, search for a flight, check out arrival times or even the latest sports scores online, you are using a web application. Web Applications and Web Services (inter-web applications) are what drive the current iteration of the web and are evolving to serve new platforms and new devices with an ever-expanding array of information and services.

    The last two years have seen a significant surge in the number of web application-specific vulnerabilities disclosed to the public. No web application technology has shown itself invulnerable, and discoveries are made every day that affect both owners' and users' security and privacy.

    Security professionals have traditionally focused on network and operating system security. Assessment services have relied heavily on automated tools to help find holes in those layers. Today's needs are different, and different tools are needed. Despite this, the basic tenets of security design have not changed. This document is an attempt to reconcile the lessons learned in past decades with the unique challenges that the web provides.

    While this document doesn't provide a silver bullet to cure all the ills, we hope it goes a long way toward helping people understand the inherent problems in web applications and build more secure web applications and Web Services in the future.
