As much as Web 2.0 and cloud are getting the spotlight I still believe that we haven't gotten our arms around the basics of Web security. Be it OWASP adoption, integrating security in the SDLC, or getting developers/QA staff the proper security training we've still got a long way to go. Unless and until we can address the basics with input validation, securely logging in users, and controlling who can do what/where inside the application...
we're not going to be able to move on to the next big thing and feel good about it.
While no one could claim to a completely accurate estimation of what the future has in store for Web 2.0 applications or their security, I strongly suggest that serious developers for Web 2.0 applications keep their understanding fresh and relevant. To help you build and maintain these skills I have assembled a list of helpful tips and tutorials (located below) on Web 2.0 applications.
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
- Rich Internet applications security testing checklist
Fix common RIA and Web 2.0 application problems caused by Ajax, Flash and other technologies with these tips.
- Spotting rich Internet application security flaws with WebGoat
Learn how Web 2.0. and other rich internet application security flaws are missed by automated tools that can easily be spotted with webgoat and similar free online tools.
Dig deeper on Software Security Testing Tools
Related Q&A from Kevin Beaver
Although there are many tools and best practices for password policies across remote offices, it's important to remember the basics for Windows ...continue reading
Companies without security expertise in-house may consider outsourcing security testing. Security expert Kevin Beaver suggests this is the wrong path.continue reading
Denial-of-service attacks may be impossible to prevent, but that doesn't mean there aren't ways to protect Web applications from them.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.