Critical web application security controls

Posted on 2014-09-01
Last Modified: 2015-05-10

I need to know the security measures or controls that I need to apply to secure my web application... for example a user firewall, etc.

Can you provide me with the controls that I need to apply to secure my web application?

Question by:besmile4ever
    LVL 41

    Assisted Solution

    Web app security is such a wide term that it is impossible to answer in a short message... Just imagine the parts involved in a web app: server, network, data, client components, etc.

    I would recommend starting here:
    and here:
    and more details dealing with Microsoft technologies are here:

    Basic Security Practices for Web Applications in .NET Framework 4:
    LVL 25

    Accepted Solution

    From our experience, programmers who are uneducated about security issues could be the main reason for unsecured applications.

    For example SQLi: the thing is, SQL injection was a solved problem *many* years ago. It shouldn't happen nowadays at all. It just shouldn't be possible. But of course, that assumes you're using libraries for your SQL, and that you're using the "sanitizing" functionality that those libraries give you. You should not be trying to sanitize SQL on your own, that's for sure. Something bad will happen... or it already did.

    Fixing SQL injection problems is a matter of going through EVERY SINGLE LINE in your code that talks to SQL, and making sure that it's not passing in strings from the URL. It's just too easy for people to hack.

    More education, along with specific coding examples in commonly used programming languages, is the best way to have a secure application.

    Also, you need to have a full security audit of your servers. You need to install some firewalls if you don't already have them, lock down your servers, make sure they're running the latest software, and then check them 10 or 20 times in all sorts of ways to shut down unnecessary programs/services and get rid of vulnerabilities.

    To answer your question, you have to do two things: 1) write software that proactively implements parameter checking to ensure that the vulnerability is not written into the software, which takes training and standards, and 2) test your software for the presence of these vulnerabilities.

    There is no magic solution here, I'm afraid. It's a long process that you'll need to go through based on the network, the application and the operating system.
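As an added example (not code from the original question or either answer), the following Python script shows the two halves of the accepted answer's SQL injection point: the string-concatenated query that the answer warns about beside the driver-parameterized form that fixes it, run against a constructed in-memory SQLite table, plus a small heuristic scanner for the "go through every line that talks to SQL" audit step. The table contents, the `SAMPLE_SOURCE` snippet and the regexes are assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the original post).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """The pattern the answer warns about: a request string is pasted into the SQL text.

    Whatever the caller controls is parsed as SQL, so quotes and keywords
    inside `username` change the meaning of the statement.
    """
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """The fix: let the driver bind the value. The statement text never changes."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a tautology payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # classic tautology: turns the WHERE clause into "always true"
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_injected": find_user_vulnerable(conn, payload),  # leaks every row
        "safe_normal": find_user_parameterized(conn, "bob"),
        "safe_injected": find_user_parameterized(conn, payload),    # matches nothing
    }


# Heuristic triage for the "check every line that talks to SQL" step: flag execute()
# calls whose statement is assembled with +, %, .format() or an f-string. This is an
# assumed, deliberately simple pattern to point a reviewer at suspicious lines; it is
# not proof that the unflagged lines are safe.
_EXEC_CALL = re.compile(r"\.execute(?:many)?\s*\(")
_STRING_BUILD = re.compile(r"""(["']\s*\+\s*\w|["']\s*%\s*\w|\.format\(|\bf["'])""")


def find_string_built_queries(source):
    """Return (line number, stripped line) for execute() calls on runtime-built strings."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _EXEC_CALL.search(line) and _STRING_BUILD.search(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed source snippet for the scanner (not code from the post). Lines 1-3 build
# the statement from a variable; lines 4 and 5 pass the value as a bound parameter.
SAMPLE_SOURCE = "\n".join([
    """cur.execute("SELECT * FROM users WHERE name = '" + name + "'")""",
    """cur.execute("SELECT * FROM users WHERE name = %s" % name)""",
    """cur.execute(f"SELECT * FROM users WHERE id = {uid}")""",
    """cur.execute("SELECT * FROM users WHERE name = ?", (name,))""",
    """cur.execute("SELECT * FROM users WHERE name = %s", (name,))""",
])

if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows}")
    for lineno, line in find_string_built_queries(SAMPLE_SOURCE):
        print(f"suspicious SQL build at line {lineno}: {line}")
```

Note that the parameterized version does not "escape" the payload; the driver sends the statement and the value separately, so the quote characters are just data. The scanner is only a starting point for the manual review the answer describes: it will miss statements assembled on an earlier line and passed in as a variable.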
