Web Dev Matters and Me

Web Development Matters - HTML, XML, C#, .NET, AJAX/Javascript(jQuery), CSS, XML-XSLT

ME - LIFE,Philippines, Tokyo, ECE, PhilNITS/JITSE,情報処理, 日本語

things about Philippines, gaming, C# development and web development, how to make money in stock trading

Web Dev Matters and Me

Top 10 Web Application Security Risks

What makes Web Application different from Windows apps or other client apps is that it is accessible remotely and all users can access the same application anywhere. This also eliminates the need to have all users install software upgrades, the developer can update the version on the server. However, web applications are prone to security issues like

1: Injection

- Can be done by simply adding input to invalidate SQL query and add their own potentially dangerous query.
- Can be prevented by filtering the user inputs and have the methods accept specific types of data (parameter based query commands).


2: Cross-Site Scripting (XSS)
- Same with injection. If the inputs available to user are filtered,

3: Broken Authentication and Session Management

4: Insecure Direct Object References

5: Cross-Site Request Forgery (CSRF)

6: Security Misconfiguration
- configs

7: Insecure Cryptographic Storage

8: Failure to Restrict URL Access
- disable directory browsing

9: Insufficient Transport Layer Protection
- SSL

10: Unvalidated Redirects and Forwards


Source: OWASP (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

FB Connect