Businesses should consider the following strategies for addressing web application risks:
- Security measures must be built in early in the development process (mandatory).
- Software developers must be trained in secure coding techniques.
- A rigorous quality assurance process must be in place to enforce continuous and controlled quality testing (dynamic and static code analysis).
- Management must create action plans to address any vulnerabilities found.
- Deployed applications must be continuously monitored for new vulnerabilities.
The use of web applications has increased significantly in recent years because of the value they add to enterprises. Innovative web-based products lead to more interaction with customers. However, along with these benefits come security vulnerabilities that create serious risks for enterprises.
Web applications require less computing power on the client and integrate smoothly with online resources thanks to their client-server and cloud-based (platform-independent) architecture. Their use can also reduce the time and cost of business processes, increase customer satisfaction and increase revenue. However, web application vulnerabilities can lead to the exposure of sensitive enterprise information, disruption of services and theft of intellectual property. Some of the common vulnerabilities are as follows:
- Cross-site scripting
- Information leakage
- Insufficient anti-automation
- Insecure direct object reference
- SQL injection
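Two of the listed vulnerabilities, SQL injection and insecure direct object reference, are easiest to understand when the vulnerable lookup is placed beside its hardened form. The example below is added here and is not code from the original article; the schema, the sample users and invoices, the plaintext passwords (kept only to keep the demonstration short; real applications store password hashes) and the attacker input are all constructed for the demonstration.

```python
"""Added example (not from the original article): SQL injection and IDOR,
each shown as a vulnerable lookup beside its hardened form. All data below
is constructed for the demonstration; passwords are stored in plaintext
only to keep the example short."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two customers, each owning one invoice."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER);
        INSERT INTO users VALUES (1, 'alice', 'alice-secret'), (2, 'bob', 'bob-secret');
        INSERT INTO invoices VALUES (100, 1, 250), (200, 2, 9000);
        """
    )
    return conn


# --- SQL injection -----------------------------------------------------------

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string formatting, so attacker-controlled text becomes SQL.
    A password of  ' OR '1'='1  turns the WHERE clause into a tautology."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver passes values separately from the SQL text,
    so quotes in the input are data, never syntax."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# --- Insecure direct object reference ----------------------------------------

def get_invoice_vulnerable(conn: sqlite3.Connection, invoice_id: int, requester_id: int):
    """Looks the record up by the id the client supplied and never checks who owns it,
    so any authenticated user can read any invoice by guessing ids."""
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?",
        (invoice_id,)).fetchone()


def get_invoice_hardened(conn: sqlite3.Connection, invoice_id: int, requester_id: int):
    """Scopes the lookup to the authenticated requester taken from the session,
    so ids belonging to other users simply return nothing."""
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, requester_id)).fetchone()


def demo() -> dict:
    """Runs both attacks against both variants and returns the outcomes."""
    conn = make_db()
    injected_password = "' OR '1'='1"   # constructed attacker input
    return {
        # True: authentication bypassed without knowing alice's password
        "sqli_vulnerable": login_vulnerable(conn, "alice", injected_password),
        # False: the literal string does not match any stored password
        "sqli_hardened": login_hardened(conn, "alice", injected_password),
        # alice (id 1) reads bob's invoice 200 because ownership is not checked
        "idor_vulnerable": get_invoice_vulnerable(conn, 200, requester_id=1),
        # None: the scoped query refuses to return another user's record
        "idor_hardened": get_invoice_hardened(conn, 200, requester_id=1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two fixes are the ones a static analyser (for string-built SQL) and a code review (for a missing ownership check) would each flag, which is why the strategies above call for both forms of testing rather than one.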
Web Application Security Strategies
İlyas KAYMAKÇI, CISA, Information Security & Risk Manager
INFORMATION SECURITY 29