As much as Web 2.0 and cloud are getting the spotlight I still believe that we haven't gotten our arms around the...
basics of Web security. Be it OWASP adoption, integrating security in the SDLC, or getting developers/QA staff the proper security training we've still got a long way to go. Unless and until we can address the basics with input validation, securely logging in users, and controlling who can do what/where inside the application we're not going to be able to move on to the next big thing and feel good about it.
While no one could claim to a completely accurate estimation of what the future has in store for Web 2.0 applications or their security, I strongly suggest that serious developers for Web 2.0 applications keep their understanding fresh and relevant. To help you build and maintain these skills I have assembled a list of helpful tips and tutorials (located below) on Web 2.0 applications.
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
- Rich Internet applications security testing checklist
Fix common RIA and Web 2.0 application problems caused by Ajax, Flash and other technologies with these tips.
- Spotting rich Internet application security flaws with WebGoat
Learn how Web 2.0. and other rich internet application security flaws are missed by automated tools that can easily be spotted with webgoat and similar free online tools.
Dig Deeper on Software Security Testing Tools
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ...continue reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ...continue reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.