Security in Web Applications

Have you protected your site enough? Use OWASP for your guidelines on how to protect yourself.

November 30th, 2011 at 7:00am — Comments: (3) — By: Jonathan Danylko — Tags: .NET


As developers code their applications, they should immediately think about security in their design right from the get-go.

However, if you're working on a legacy system and don't have the luxury of building security into the design, you need to play "little Dutch boy" and plug the existing holes in your application (I know, I know...you probably don't have any holes in your code, but humor me...).

There is a document that helps with this by identifying the most common ways a web site gets hacked:

OWASP Top 10 for 2010 (on their Wiki)

The OWASP acronym stands for the Open Web Application Security Project. Even though this list is from 2010, I would imagine these problems are still relevant as we come to the close of 2011.

There is some good news for ASP.NET developers: Troy Hunt is doing a 10-part series on how to protect yourself as a .NET developer from these top ten security issues of 2010. These posts are very detailed and he has done a fantastic job on them. Good reading material for .NET developers.

He's currently on Post #9, but stay tuned for #10 soon.

UPDATE:
I DID find a post for the PHP developers about OWASP security precautions.

Are there any other ones out there addressing other languages besides PHP and .NET? Enter a comment below.


Jonathan Danylko is a freelance web architect and avid programmer who has been programming for over 20 years. He has developed various systems in numerous industries including e-commerce, biotechnology, real estate, health, insurance, and utility companies.

When asked what he likes doing in his spare time, he answers..."programming."


3 Comments

  1. June 27th, 2012 at 2:02pm
    Usually security is improved in exploitation while users report some bugs. Developers can't find all of them at once.
  2. February 19th, 2013 at 12:55pm
    Huge information ASP.Net Developer, I would like to appreciate your good work and also would like to encourage you to keep it up.
  3. November 19th, 2013 at 3:59pm
    There are different types of issues in web app security like that focus on application fingerprinting, application penetration testing, configuration management, authorization, input validation, authentication, session management, data access controls and development language specific.
