Safe development: Safeguarding web applications


To secure web applications, makers must take ownership of their lifecycle management, reports Deb Radcliff.

LulzSec uses zero-day on PBS! Hacker group raids Sony Pictures in latest breach! Mass injection campaign affects 3.8 million pages!  

These are just some of the web application breach events to make headlines in 2011. In just the first half of this year, the number of attacks on websites increased by 65 percent over 2010, and surpassed the total number of attacks tracked in all of 2009, according to HP's “2011 Mid-year Top Cybersecurity Risks Report.”

Most troubling is that the exploits against these applications – SQL injection attacks, cross-site scripting (XSS) and buffer overflows – continue to take advantage of vulnerabilities in the code and functional aspects of applications that security experts have known about for decades, says Ed Adams, CEO of Security Innovation, a software, training and consulting services company based in Wilmington, Mass.

“Today, it is inexcusable to allow a SQL injection into a public-facing web application where criminals can extract data on customers, take down servers or set up drive-by downloads onto victim browsers,” he says. “And yet, all too often, these things occur.”

Frameworks and tools are available to create cradle-to-grave policy around secure application development and maintenance. Yet these SQL, XSS and overflow vulnerabilities remain among the top web application security risks, according to listings by the Open Web Application Security Project (OWASP), the SANS Institute, and others. 

What's needed, many experts say, is a wholesale shift toward secure coding and application development practices. Yet, despite the sense in creating strong foundations, builders often leave the safety aspects of their applications to people who have little coding background.

Page 1 of 4