As much as Web 2.0 and cloud are getting the spotlight I still believe that we haven't gotten our arms around the basics of Web security. Be it OWASP adoption, integrating security in the SDLC, or getting developers/QA staff the proper security training we've still got a long way to go. Unless and until we can address the basics with input validation, securely logging in users, and controlling who can do what/where inside the application...
we're not going to be able to move on to the next big thing and feel good about it.
While no one could claim to a completely accurate estimation of what the future has in store for Web 2.0 applications or their security, I strongly suggest that serious developers for Web 2.0 applications keep their understanding fresh and relevant. To help you build and maintain these skills I have assembled a list of helpful tips and tutorials (located below) on Web 2.0 applications.
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
- Rich Internet applications security testing checklist
Fix common RIA and Web 2.0 application problems caused by Ajax, Flash and other technologies with these tips.
- Spotting rich Internet application security flaws with WebGoat
Learn how Web 2.0. and other rich internet application security flaws are missed by automated tools that can easily be spotted with webgoat and similar free online tools.
Dig Deeper on Software Security Testing Tools
Related Q&A from Kevin Beaver
Many organizations are still vulnerable to the Heartbleed flaw. Expert Kevin Beaver explores the merits of an OpenSSL-specific risk assessment.continue reading
Expert Kevin Beaver explains how behavioral detection and traffic analysis helps combat advanced malware, as well as whether it is a more effective ...continue reading
Monitoring VPN traffic is a critical task. Expert Kevin Beaver explains what to look for in a VPN traffic monitoring tool and offers a few free and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.