Solved

Enhancing The Security of the Web Applications

Posted on 2004-04-24
5
357 Views
Last Modified: 2013-11-15
Hello, I am a (Web Application Developer) and I am asking about how to find a best guide or model that covering all security points from beging of developing till publishing. Please help me to enhance my web application secuirty by using standard way.
0
Comment
Question by:Rami_Science
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Droby10
ID: 10909286
there are a number of generic and detail-focused checklists/guides here: http://www.owasp.org/.

0
 
LVL 7

Expert Comment

by:shahrial
ID: 10917246
What kind of web development platform are you using? For specifics, please input more details...else see Droby10 comment.
 
0
 

Author Comment

by:Rami_Science
ID: 10926628
hi, Droby10 the OWASP site is so nice, but I'm just beginner in the security issues so I will take some time to check it out before accepting your answer.
0
 

Author Comment

by:Rami_Science
ID: 10926734
    hello, shahrial. Till now I'am using windows as system platform and ASP + VBScript + JavaScript as languages. I think realy I'am searching about references that give me a complete vision  about  making my web applications safe for my customers in intrnet/intranet networks.
Here some issues tell me what do you think and take me to the right track.

     * The confidentiality of the submitted information like (member's information, private numbers, credit cards, electronic checks and e-mails).
     * Some Issues below:
1.  Server-Side Script.
2.  Client-Side Script.
3.   DBMS.
4.   Web Server Software.
5.   Server Operating System.
6.   Administrator's, Author's, User's and Guest's Permissions.
7.   Browsers.
8.   Host issue.
9.   Using security software.
10. Passwords Protection.
11. The Web Policy.
12. Credit card proxy Systems.
13. SSL.
14. Server Side include file problem.
15. Distributed Denial of Services (DDoS) Attack.
16. Security Layers.
 
0
 
LVL 7

Accepted Solution

by:
shahrial earned 500 total points
ID: 10934502
1.  Server-Side Script. > http://www.w3.org/Security/Faq/wwwsf3.html
2.  Client-Side Script. > http://www.codeproject.com/aspnet/scriptgen.asp?msg=802619
3.   DBMS. > http://searchdatabase.techtarget.com/featuredTopic/0,290042,sid13_gci863539,00.html
4.   Web Server Software. > http://www.w3.org/Servers.html
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/default.mspx
5.   Server Operating System. > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/default.mspx
6.   Administrator's, Author's, User's and Guest's Permissions. ... these are OS specifics...see Server OS.
7.   Browsers. > http://www.theguardianangel.com/tutorials/browser_security_tutorials_summary.htm
8.   Host issue. ???
9.   Using security software. > http://www.alw.nih.gov/Security/prog-full.html
10. Passwords Protection. > http://www.nipc.gov/publications/nipcpub/password.htm
http://www.cert.org/tech_tips/passwd_file_protection.html
11. The Web Policy. > http://www.defenselink.mil/webmasters/
12. Credit card proxy Systems. > http://www.devshed.com/c/a/Administration/ScriptBased-Credit-Card-Interfaces/
13. SSL. > http://developer.netscape.com/tech/security/ssl/howitworks.html
14. Server Side include file problem. > http://www.freewebmasterhelp.com/tutorials/ssi
15. Distributed Denial of Services (DDoS) Attack. > http://www.denialinfo.com/
16. Security Layers. > http://www.findarticles.com/cf_dls/m0FOX/n15_v3/21168397/p1/article.jhtml

There are many sites and books to learn from the above topics...
Hope this helps...;-)

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This video demonstrates how to use each tool, their shortcuts, where and when to use them, and how to use the keyboard to improve workflow.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now