Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Top tips for secure web applications [closed]

Tags:

security

web-applications

I am looking for easy steps that are simple and effective in making a web application more secure.

What are your top tips for secure web applications, and what kind of attack will they stop?

like image 397
Oded Avatar asked Sep 06 '08 08:09

Oded

People also ask

What is the most important rule concerning web application security?

Always use the least permissive settings for all web applications. This means that applications should be buttoned down. Only highly authorized people should be able to make system changes and the like. You might consider including this in your initial assessment.

What are three ways to secure applications?

Three Ways To Secure Application Services – Authentication, Automation, And Collaboration – Information Security Buzz.

1 Answers

Microsoft Technet has en excellent article:

Ten Tips for Designing, Building, and Deploying More Secure Web Applications

Here are the topics for the tips answered in that article:

  1. Never Directly Trust User Input
  2. Services Should Have Neither System nor Administrator Access
  3. Follow SQL Server Best Practices
  4. Protect the Assets
  5. Include Auditing, Logging, and Reporting Features
  6. Analyze the Source Code
  7. Deploy Components Using Defense in Depth
  8. Turn Off In-Depth Error Messages for End Users
  9. Know the 10 Laws of Security Administration
  10. Have a Security Incident Response Plan
like image 79
Espo Avatar answered Sep 27 '22 22:09

Espo
Sign in to Comment

Related questions

.NET Assembly Plugin Security
Difference between CookieStore Sessions and Encrypted Cookies in Ruby On Rails
How to use setuid() from root to become user, with the possibility of becoming root again later?
What harm can javascript do?
Is there any danger in loading external, third-party CSS?
One way SSL is one way encryption?
Can a PHP file ever be read externally? [closed]
NoSQL Database for Banking System [closed]
Why should I use session id in cookie instead of storing login and (hashed) password in cookie?
Change Joomla Administrator URL
What is apache autoindex and should I disable it?
Are passwords stored in memory safe?
How to suppress "An application is requesting access to a protected item" popup
Electron 'contextBridge'
<? or <?php --- is there any difference? [duplicate]
Does AccessController.doPrivileged give JavaScript threads the permissions of the signed Applet?
Centralized vs. Distributed version control security
Javascript XSS Prevention
Should I use GET or POST when requesting sensitive data?
How safe is auth !== null? Firebase

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!