Thursday, September 05, 2013

Excerpt from my paper - Web application security

To build secure Web applications, Microsoft describes a holistic approach: apply security at all three layers, network, host, and application.  The first layer is the network, which involves protecting the network infrastructure consisting of routers, firewalls, and switches.  The host layer is about securing the host itself, whether it is your Web server, application server, or database server.  The application layer, the focus of this paper, is about securing the code and configuration of the application that runs on those hosts.

According to the WASC Web Application Security Statistics Project 2008, an initiative to pool sanitized website vulnerability data and gain a better understanding of the web application vulnerability landscape, more than 13% of the 12186 reviewed sites could be compromised completely automatically.  The probability of detecting an urgent or critical error in a dynamic web application is about 49% with automatic scanning and 96% with comprehensive expert analysis (the white box method).  Also, the analyst firm Gartner Inc. of IBM has stated that 75% of all attacks on web sites and web applications target the application level and not the infrastructure.

Knowing the threats and incorporating security into the application's life cycle are essential measures for application security.  The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) publish documents and initiate projects to raise awareness of application security by identifying some of the most critical risks.

Here is a link to the OWASP Top 10, which focuses on the ten most critical Web application security risks and on how to protect against these high-risk problem areas. Be sure to check out the cheat sheets on preventing each security vulnerability.
