There are literally thousands of Web-related vulnerabilities, and you'd go crazy and spend an awful lot of money trying to rid your Web-based systems of every little flaw. The biggest issues I see are cross-site scripting, authentication mechanism weaknesses, and application logic vulnerabilities. If you focused just on those three things, you'd easily eliminate 90+ percent of your Web vulnerabilities.
In the case of software security, your best offense is a strong offense and an equally strong defense. Identifying issues before an application is launched is your best bet when offering up a stable online app. If you look below you will see I have collected a battery of Web 2.0 and application security tips and articles. These should prove invaluable to you and anyone else concerned with Web security.
- Free Web proxy security tools software testers should get to know
Learn which free Web proxy tools work best and how to use ones like BurpProxy, Paros Proxy and WebScarab to boost rich Internet applications' security.
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
- How to make your software tamperproof
Learn ways to tamperproof and secure your software app from this chapter of the book, Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection.