Safe development: Safeguarding web applications


To secure web applications, makers must take ownership of their lifecycle management, reports Deb Radcliff.

LulzSec uses zero-day on PBS! Hacker group raids Sony Pictures in latest breach! Mass injection campaign affects 3.8 million pages!  

These are just some of the web application breach events to make headlines in 2011. In just the first half of this year, the number of attacks on websites increased by 65 percent over 2010, and surpassed the total number of attacks tracked in all of 2009, according to HP's “2011 Mid-year Top Cybersecurity Risks Report.”

Most troubling is that the exploits against these applications – SQL injection attacks, cross-site scripting (XSS) and buffer overflows – continue to take advantage of vulnerabilities in the code and functional aspects of applications that security experts have known about for decades, says Ed Adams, CEO of Security Innovation, a software, training and consulting services company based in Wilmington, Mass.

“Today, it is inexcusable to allow a SQL injection into a public-facing web application where criminals can extract data on customers, take down servers or set up drive-by downloads onto victim browsers,” he says. “And yet, all too often, these things occur.”

Frameworks and tools are available to create cradle-to-grave policy around secure application development and maintenance. Yet these SQL, XSS and overflow vulnerabilities remain among the top web application security risks, according to listings by the Open Web Application Security Project (OWASP), the SANS Institute, and others. 

What's needed, many experts say, is a wholesale shift toward secure coding and application development practices. Yet, despite the sense in creating strong foundations, builders often leave the safety aspects of their applications to people who have little coding background.

Page 1 of 4