Secure Web Application Development
As more and more applications find their way to the World Wide Web, security concerns have increased. Web applications are by nature public-facing and therefore exposed to attack. Today it is the norm to visit Web sites where a login and password are required to move from one section of the site to another, and the requirement is far stronger in a Web application that moves data between secure internal networks and the Internet. Web applications, whatever their function, should not exchange sensitive data over the Internet unless it is encrypted in transit (for example with TLS) or at least integrity-protected by a digital signature. Our focus here is on methods of creating secure, or at least security-conscious, Web applications and Web infrastructures.
Secure applications do not just happen – they are the result of an organization deciding that it will produce secure applications. Insecure organizations have never decided how much risk they are willing to accept, so when their projects select controls they either implement the wrong controls or not nearly enough of them. At the other extreme, there are rare examples where every conceivable control, down to the kitchen-sink tea-leaf strainer, has been implemented, usually at huge cost.
We follow these Secure Coding Principles when developing secure Web applications:
- Minimize Attack Surface Area
- Secure Defaults
- Principle of Least Privilege
- Principle of Defense in Depth
- Fail Securely
- External Systems are Insecure
- Separation of Duties
- Do not trust Security through Obscurity
- Fix Security Issues Correctly
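Two of the principles above, "Fail Securely" and "Secure Defaults", are easiest to see in code. The following is an added illustration, not code from the original page or from any particular framework: the permission table, the user names, the `AppSettings` fields and the `load_settings` config format are all hypothetical. The first authorization check starts from "allowed" and revokes on an explicit "no", so an outage in the permission backend grants access; the second starts from "denied" and only grants on a positive answer. The settings loader keeps every protection on unless an operator turns it off by name, and rejects unknown keys so a misspelled key cannot silently disable one.

```python
"""Added example: 'Fail Securely' and 'Secure Defaults' side by side.
All names, users and settings below are hypothetical."""
from dataclasses import dataclass
import logging

log = logging.getLogger("authz")

# Constructed permission table for the example: user -> resources granted.
PERMISSIONS = {
    "alice": {"reports", "invoices"},
    "bob": {"reports"},
}


def lookup_permissions(user: str) -> set:
    """Simulated backend call. Raising for an unknown user stands in for a
    failing dependency (database timeout, directory outage, ...)."""
    if user not in PERMISSIONS:
        raise LookupError(f"no permission record for {user!r}")
    return PERMISSIONS[user]


def is_allowed_fail_open(user: str, resource: str) -> bool:
    """ANTI-PATTERN (fails open): the variable starts as True and is only
    set to False on an explicit denial, so any error in the lookup leaves
    the initial True in place and the caller is granted access."""
    allowed = True
    try:
        if resource not in lookup_permissions(user):
            allowed = False
    except LookupError as exc:
        log.warning("permission lookup failed: %s", exc)
    return allowed


def is_allowed_fail_secure(user: str, resource: str) -> bool:
    """Default deny: the only path to True is a successful lookup that
    positively grants the resource; any error is logged and denies."""
    try:
        granted = lookup_permissions(user)
    except LookupError as exc:
        log.warning("permission lookup failed, denying: %s", exc)
        return False
    return resource in granted


@dataclass(frozen=True)
class AppSettings:
    """Hypothetical application settings. Every field defaults to the safe
    value; an operator must opt out of each protection explicitly."""
    require_tls: bool = True
    debug: bool = False
    session_timeout_seconds: int = 900
    cookie_secure: bool = True
    cookie_httponly: bool = True


KNOWN_KEYS = set(AppSettings.__dataclass_fields__)


def load_settings(raw: dict) -> AppSettings:
    """Build settings from an already-parsed config dict (hypothetical
    format). Missing keys keep their secure default; unknown keys are
    rejected so a typo such as 'require_tsl' cannot silently disable
    a protection by never being read."""
    unknown = set(raw) - KNOWN_KEYS
    if unknown:
        raise ValueError(f"unknown settings: {sorted(unknown)}")
    settings = AppSettings(**raw)
    if settings.session_timeout_seconds <= 0:
        raise ValueError("session_timeout_seconds must be positive")
    return settings


if __name__ == "__main__":
    # 'mallory' has no permission record: the backend call raises.
    print("fail-open  :", is_allowed_fail_open("mallory", "invoices"))
    print("fail-secure:", is_allowed_fail_secure("mallory", "invoices"))
    print("defaults   :", load_settings({}))
```

Run stand-alone, the fail-open check reports `True` for a user the backend knows nothing about, while the fail-secure check reports `False`; the same contrast applies to any caught exception, timeout or empty response on the way to an authorization decision. The `frozen=True` dataclass also keeps the settings from being mutated after load, so a later code path cannot quietly relax them.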