Features for Secure Web

Secure Web application development

The NUIT Guide to Securing Web Applications was developed as a resource for web application developers, testers, and the Information and Systems Security/Compliance (ISS/C) department. In particular, the guide is meant to:

  • Provide sound application development guidance for application developers so that web applications may be designed with security in mind.
  • Provide guidance for application developers on testing existing web applications for security vulnerabilities (such as buffer overflows, cross-site scripting, etc.).
  • Encourage developers to obtain secure coding education/instruction.
  • Provide guidance for ISS/C personnel on testing web applications for security vulnerabilities.

Secure Web Applications and Coding

Secure coding is the practice of writing code for systems, applications and web pages in such a way as to ensure the confidentiality, integrity and accessibility of data and information related to those systems. Programmers fluent in secure coding practices can avoid common security flaws in programming languages and follow best practices to help avoid the increasing number of targeted attacks that focus on application vulnerabilities.

Secure coding practices, in conjunction with pre-production and ongoing testing via ISS/C’s Information Security Vulnerability and Web Application Assessment Programs, help to ensure that applications are developed and maintained with a minimum exposure to known security vulnerabilities. When secure coding practice is applied throughout the development life cycle, the benefits can be: minimal impact to project implementation dates and schedules; reduced exposure to compromise; and overall improvements to risk management.

Developers should utilize the “OWASP Top Ten” list to guide their secure coding efforts. The OWASP Top Ten details the most common web application security vulnerabilities, including basic methods to protect against these vulnerabilities.

For web application assessment, ISS/C uses WebInspect, an automated Web application and Web services vulnerability assessment tool that is specifically designed to assess potential security flaws and to provide all the information needed to fix them. As an assessment is initiated, WebInspect assigns "assessment agents" that dynamically catalog all areas of a Web application. As these agents complete the assessment, findings are reported to a main security engine that analyzes the results.

WebInspect then launches audit engines to evaluate the gathered information and apply attack algorithms to locate vulnerabilities and determine their severity. Manual assessment using WebInspect is also possible for in-depth testing. Reporting is provided in the main GUI console and as stand-alone reports in numerous formats.

Recommendations

These references provide general guidance to the technologies addressed in these sections and the specific recommendations contained therein.

Source: www.it.northwestern.edu