
Businesses shall consider the following strategies for addressing web application risks:

Security measures must be included early in the process (mandatory).

Software programmers must be trained in secure coding (techniques).

There must be a vigorous quality assurance process in place to enforce continuous and controlled quality testing (dynamic and static code analysis).

Action plans must be created by management to address any of the vulnerabilities found.

Deployed applications must be continuously monitored for new vulnerabilities.

The use of web applications has increased significantly in recent years due to the value they can add to enterprises. Accordingly, innovative web-based products will lead to more interaction with customers. However, security vulnerabilities may come along with the benefits of these capabilities and create dangerous risks to enterprises.

Recent web applications require less computing power and can be integrated with online resources smoothly due to their client-server and cloud-based architecture (platform independent). Additionally, their use can result in time and cost reduction of processes, increased customer satisfaction and increased revenue. However, web application vulnerabilities may cause exploitation of sensitive enterprise information, disruption of services and theft of intellectual property. Some of the common vulnerabilities are as follows:

Cross-site scripting

Information leakage

Insufficient anti-automation

Insecure direct object reference

Database special purpose programming language injection

Web Application Security Strategies

İlyas KAYMAKÇI
CISA, Information Security & Risk Manager

INFORMATION SECURITY 29