Solved

critical web application security controls.

Posted on 2014-09-01
Last Modified: 2015-05-10
Hi

I need to know the security measures or controls that you need to apply to secure your web application, for example user firewall, etc.

Can you provide me with the controls that I need to apply to secure my web application?

cheers.
Question by:besmile4ever
2 Comments

Assisted Solution

by:pcelba
pcelba earned 1000 total points
ID: 40296609
Web app security is such a wide term that it is impossible to answer it in a short message... Just imagine what parts are involved in a web app: server, network, data, client components, etc.

I would recommend starting here: http://en.wikipedia.org/wiki/Web_application_security
and here: http://www.applicure.com/solutions/web-application-security
and more details dealing with Microsoft technologies are here: http://msdn.microsoft.com/en-us/library/ff648636.aspx

Basic Security Practices for Web Applications in .NET Framework 4: http://msdn.microsoft.com/en-us/library/vstudio/zdh19h94(v=vs.100).aspx

Accepted Solution

by:madunix
madunix earned 1000 total points
ID: 40297174
From our experience, programmers who are uneducated about security issues could be the main reason for an unsecured application.

For example, SQLi: the thing is, SQL injection was a solved problem *many* years ago. It shouldn't happen nowadays at all. It just shouldn't be possible. But of course, that assumes you're using libraries for your SQL, and that you're using the "sanitizing" functionality that those libraries give you. You should not be trying to sanitize SQL on your own, that's for sure. Something bad will happen... or it did.

Fixing SQL injection problems is a matter of going through EVERY SINGLE LINE in your code that talks to SQL, and making sure that it's not passing in strings from the URL.  It's just too easy for people to hack.

More education along with specific coding examples in commonly used programming languages is the best way to have a secure application.

Also you need to have a full security audit of your servers. You need to install some firewalls if you don't already have them, and to lock down your servers, and to make sure they're running the latest software, and then check them 10 or 20 times in all sorts of ways to shut down unnecessary programs/services and get rid of vulnerabilities.

To answer your question, you have to do two things: 1) write software that proactively implements parameter checking to ensure that the vulnerability is not written into the software, which takes training and standards, and 2) test your software for the presence of these vulnerabilities.

There is no magic solution here, I'm afraid. It's a long process that you'll need to go through based on network, application and operating system.

http://projects.webappsec.org/Web-Application-Security-Scanner-List
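The two steps named in the accepted answer (parameter checking plus library-side handling of values, then testing for the flaw), shown as an added example that is not part of the original answers. The `users` table, the function names and the user-name policy are assumptions for illustration, and the sample rows and the hostile string are constructed.

```python
import sqlite3

# Constructed input of the kind a request parameter might carry.
HOSTILE = "x' OR '1'='1"

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def find_user_unsafe(conn, name):
    # 'Before' form: the request string is pasted into the SQL text,
    # so quote characters in it become part of the statement.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_bound(conn, name):
    # Library-side handling: the value is bound to the ? placeholder and
    # travels separately from the SQL text, so it is only ever compared as data.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def validate_name(name):
    # Parameter checking before the query runs. The rule (1-32 alphanumeric
    # characters) is an assumed policy, not something stated on the page.
    if not (1 <= len(name) <= 32) or not name.isalnum():
        raise ValueError("invalid user name")
    return name

def regression_check():
    """Step 2 of the answer: test the code paths for the presence of the flaw."""
    conn = make_db()
    try:
        validate_name(HOSTILE)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "unsafe_rows": len(find_user_unsafe(conn, HOSTILE)),  # every row leaks
        "bound_rows": len(find_user_bound(conn, HOSTILE)),    # no row matches
        "validator_rejects": rejected,
    }

if __name__ == "__main__":
    print(regression_check())
```

A check like `regression_check` belongs in the application's test suite so that a query rewritten back into string concatenation fails the build.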