Developing Secure Web Applications Essay

1560 words - 6 pages

I. INTRODUCTION
A web application is an application that uses a web browser as its client. Examples include Gmail, Amazon, Facebook and LinkedIn. Web applications are popular because web browsers are ubiquitous, which makes distribution and updates relatively simple: essentially, a web application can run on any device with a web browser. However, that same universality also exposes web applications to attack. In 2013, 33% of disclosures were due to web application vulnerabilities [1]. The most common risks to web application security include cross-site scripting (XSS), SQL injection, broken authentication and session management, and security misconfiguration [2]. Developing a secure web application is challenging, and security is often not a top priority during development. In addition, the ubiquity of the browser as a client and the relative convenience of web application development attract less experienced developers. However, there are best practices that guard against some of the most common threats. The following sections describe guidelines that should be followed.

II. AUTHENTICATION
Authentication commonly involves a login screen requesting a username and password to determine whether the user is who he or she claims to be. An attack on authentication could involve repeatedly attempting to log in by guessing common passwords. A defense against this type of attack is to lock out the account after a given number of failed attempts; the lockout should be temporary, or combined with rate limiting, so that an attacker cannot use it to deny service to legitimate users. Additionally, if an account is locked due to failed logins, a notification should be sent to a system administrator [3]. Passwords, and ideally usernames as well, should be sufficiently difficult to guess. The application should enforce a minimum and a maximum length for passwords. NIST considers passwords shorter than 10 characters to be weak [4]. The Open Web Application Security Project (OWASP) recommends a maximum password length of 128 characters [5]. In addition to length requirements, the application should also enforce password complexity. These requirements should be explicitly stated on the password creation and change pages. Strong passwords contain at least three of the five following character classes: lower-case letters, upper-case letters, numbers, punctuation, and "special" characters [6]. The application should implement a password expiration policy, with more critical applications requiring a shorter expiration period [3]. If a user forgets a password, the password should be reset rather than recovered, and the user should be required to authenticate again after the reset. Emailing passwords should be avoided. The login page and all authenticated pages must be served over TLS to protect the data exchanged between the client and server [5].
Proper password storage involves applying a one-way hash to each password, rather than storing the password itself, and combining it with a salt. A salt is a non-secret random value, generated per user, that causes identical passwords to hash to different values. The hash function should be a deliberately slow password-hashing function rather than a plain fast hash, so that guessing remains expensive even if the stored hashes are stolen. ...
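The following is an added example, written for this page rather than taken from the essay or its cited sources, that puts the authentication guidance above into working code: a password policy check (the text's length limits and three-of-five character classes), salted password hashing with a slow key-derivation function, and a per-account lockout counter that notifies an administrator. The threshold of 5 failed attempts, the 15-minute lockout, the 600,000 PBKDF2 iterations, and the split of symbols into "punctuation" and "special" classes are assumptions chosen for illustration; the text gives no specific values for them.

```python
"""Added example: password policy, salted password hashing and login lockout.

Illustrative code written for this page, not the essay's or its sources' code.
The thresholds below (5 failures, 15-minute lockout, 600,000 PBKDF2 iterations,
the punctuation/special split) are assumptions; tune them for your deployment.
"""
import hashlib
import hmac
import secrets
import string
import time

MIN_LEN, MAX_LEN = 10, 128            # from the text: NIST floor, OWASP ceiling
PBKDF2_ITERATIONS = 600_000           # assumption: cost for PBKDF2-HMAC-SHA256
LOCKOUT_THRESHOLD = 5                 # assumption
LOCKOUT_SECONDS = 15 * 60             # assumption: temporary, so lockout is not a DoS lever

# Assumed split of the text's "punctuation" and "special" character classes.
PUNCTUATION = set(".,;:!?'\"-")
SPECIAL = set(string.punctuation) - PUNCTUATION


def password_policy_errors(password: str) -> list[str]:
    """Return policy violations (an empty list means the password is acceptable).
    The messages are meant to be shown on the password creation/change page."""
    errors = []
    if len(password) < MIN_LEN:
        errors.append(f"must be at least {MIN_LEN} characters")
    if len(password) > MAX_LEN:
        errors.append(f"must be at most {MAX_LEN} characters")
    classes = {
        "lower-case letters": any(c.islower() for c in password),
        "upper-case letters": any(c.isupper() for c in password),
        "digits": any(c.isdigit() for c in password),
        "punctuation": any(c in PUNCTUATION for c in password),
        "special characters": any(c in SPECIAL for c in password),
    }
    if sum(classes.values()) < 3:
        errors.append("must contain at least three of: " + ", ".join(classes))
    return errors


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hash with a fresh random 16-byte salt; store only this string, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _alg, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class LoginGuard:
    """Counts failed logins per account and locks the account once the threshold is hit.

    `notify_admin` is called once when an account is locked (the administrator
    notification from the text); `clock` is injectable so the lockout can be tested.
    """

    def __init__(self, credentials: dict, threshold: int = LOCKOUT_THRESHOLD,
                 lockout_seconds: float = LOCKOUT_SECONDS,
                 notify_admin=None, clock=time.monotonic):
        self.credentials = credentials        # username -> stored hash string
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.notify_admin = notify_admin or (lambda user: None)
        self.clock = clock
        self.failures = {}                    # username -> consecutive failed attempts
        self.locked_until = {}                # username -> clock value when the lock expires

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'invalid'. A locked account rejects even the
        correct password, so the lock never confirms a guess."""
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return "locked"
        stored = self.credentials.get(username)
        if stored is not None and verify_password(password, stored):
            self.failures.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= self.threshold:
            self.locked_until[username] = now + self.lockout_seconds
            self.failures.pop(username, None)      # fresh count after the lock expires
            self.notify_admin(username)
        return "invalid"


if __name__ == "__main__":
    users = {"alice": hash_password("Tr0ub4dor&3")}      # constructed sample account
    guard = LoginGuard(users, notify_admin=lambda u: print(f"admin alert: {u} locked"))
    print(password_policy_errors("correcthorsebattery"))
    for guess in ["password", "123456", "letmein", "qwerty", "admin", "Tr0ub4dor&3"]:
        print(guess, "->", guard.attempt("alice", guess))
```

The stored string carries the algorithm, iteration count and salt alongside the digest, so verification never needs a global secret and the iteration count can be raised later without invalidating existing records. Unknown usernames go through the same failure counting as real ones, so the lockout path does not reveal which accounts exist.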
