Introduction On How To Secure A Web Application

Let us start the discussion on "how to secure a web application" by first defining what a web application is. According to Wikipedia, "a web application or web app is a client-server computer program which the client runs in a web browser." In layman's terms, a web application is a software program hosted on a server that we access through a web browser.

Examples of web applications:

  • Gmail, Yahoo mail, and Microsoft Outlook
  • Google Docs, Google Sheets, and Google Play
  • Netflix, Facebook, Twitter, etc.

In the next sections, we'll talk about security issues related to web apps and discuss the different ways to secure a web application.

How To Secure A Web Application: Web Application Vulnerabilities

To know how to secure a web application, we first enumerate the most common vulnerabilities. According to OWASP (the Open Web Application Security Project), these are the top 10 application security risks:

  • Injection - the attacker supplies input through web forms or other request fields that the application passes into a command or query, so that it is executed as part of that command, for example to read every username and password stored in a database.
  • Broken Authentication - a weak authentication system allows attackers to compromise your network or business.
  • Sensitive Data Exposure - most web apps do not adequately protect sensitive and confidential data, which leads to identity theft, fraud, and other harm.
  • XML External Entities (XXE) - outdated or misconfigured XML processors that resolve external entity references can be made to disclose internal files.
  • Broken Access Control - poorly configured network access controls or permissions let attackers exploit these flaws to reach resources they should not and to carry out other malicious activities.
  • Security Misconfiguration - attackers exploit systems that are unprotected, unpatched, or misconfigured.
  • Cross-Site Scripting (XSS) - cybercriminals get malicious script to execute in your web browser, which can lead to session hijacking.
  • Insecure Deserialization - similar in concept to the XML External Entities vulnerability, but applying to a broader range of data formats such as JSON (JavaScript Object Notation), BSON (Binary JSON), and YAML (YAML Ain't Markup Language).
  • Using Components with Known Vulnerabilities - attackers exploit known vulnerabilities in software modules, libraries, and other components that form part of a larger system or program.
  • Insufficient Logging and Monitoring - cybercriminals often probe systems that lack monitoring or logging of unusual activity, because their attempts there go unnoticed.
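The first item in the list, injection, is easiest to understand by seeing the defect and its fix side by side. The following Python snippet is an added example, not code from the original article: it builds a constructed in-memory SQLite user table (the password hashes are placeholders) and looks up a username two ways. The string-built query lets a quote character in the input change the query's structure, which is exactly how an attacker "gets all the usernames"; the parameterised query keeps the SQL text fixed so the same input is treated purely as data. The function names are this example's own.

```python
import sqlite3

# Constructed sample data standing in for a real user table; the hashes are placeholders.
SAMPLE_USERS = [
    ("alice", "<hash-placeholder-1>"),
    ("bob", "<hash-placeholder-2>"),
    ("carol", "<hash-placeholder-3>"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Injectable: the untrusted value is spliced into the SQL text, so the
    database cannot distinguish user data from query structure."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened: the query text is fixed and the value travels as a bound
    parameter, so quote characters inside it are just data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare_lookups(username):
    """Run both versions against a fresh database and return (vulnerable, safe) results."""
    conn = make_db()
    try:
        return (sorted(lookup_user_vulnerable(conn, username)),
                sorted(lookup_user_safe(conn, username)))
    finally:
        conn.close()


if __name__ == "__main__":
    print("normal input: ", compare_lookups("alice"))
    # A value containing a quote and an always-true condition: the string-built
    # query returns every row, the parameterised one returns none.
    print("crafted input:", compare_lookups("x' OR '1'='1"))
```

The point to take from the comparison is that the fix is not "filter out quotes" but "never let user input become query text"; the same principle applies to OS commands, LDAP filters and any other interpreter the application talks to.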

We've outlined OWASP's top 10 web application vulnerabilities. In the next section, we'll learn the various ways to secure a web application.
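The last risk in the list, insufficient logging and monitoring, is the one that turns every other weakness into a quiet one. As an added example that is not part of the original article, the Python below runs a simple monitoring rule over a handful of constructed login log lines (the format, IP addresses and user names are invented for this example): it flags any source address that produces a threshold number of failed logins inside a short sliding window and reports which accounts were targeted. The function names and log format are assumptions of this example, not any product's.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from a real system), one line per login attempt,
# already ordered by time as an application log normally is.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z login result=fail user=alice src=203.0.113.7
2024-03-01T10:00:03Z login result=fail user=alice src=203.0.113.7
2024-03-01T10:00:04Z login result=fail user=bob src=203.0.113.7
2024-03-01T10:00:06Z login result=fail user=carol src=203.0.113.7
2024-03-01T10:00:09Z login result=fail user=dave src=203.0.113.7
2024-03-01T10:00:11Z login result=ok user=dave src=203.0.113.7
2024-03-01T10:05:00Z login result=fail user=erin src=198.51.100.2
2024-03-01T10:20:00Z login result=ok user=erin src=198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {src: [targeted users]} for every source address that reached
    `threshold` failed logins within any `window`-long sliding interval.

    Successful logins and unparseable lines are ignored; the window is kept
    per source so one noisy address cannot mask another.
    """
    recent_failures = defaultdict(list)   # src -> [(ts, user), ...] inside the window
    flagged = {}
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if event is None or event["result"] != "fail":
            continue
        recent = recent_failures[event["src"]]
        recent.append((event["ts"], event["user"]))
        # Evict attempts that have fallen out of the sliding window.
        while recent and event["ts"] - recent[0][0] > window:
            recent.pop(0)
        if len(recent) >= threshold:
            flagged[event["src"]] = sorted({user for _, user in recent})
    return flagged


if __name__ == "__main__":
    for src, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: repeated failed logins against {', '.join(users)}")
```

Without a log line per authentication attempt there is nothing for this rule to read, which is the practical meaning of "insufficient logging"; with it, even this small rule surfaces a password-guessing run across several accounts from one address.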

How To Secure A Web Application: Methodologies

Now that we know the vulnerabilities of a web app, we can formulate our own web application security checklist, outlining the different ways to secure a web application. Here's our take on this:

  • 1. Information gathering - to learn how to secure a web application, always conduct research first. Identify all the loopholes, glitches, and vulnerabilities in each web application. Consider using a tool for this task, such as a cloud-based vulnerability scanner.
  • 2. Planning a strategy - having a good plan also answers the question of "how to secure a web application". We have to prevent harmful input from end users by filtering the data entered on web forms and establishing a strong validation process. One filtering technique is to use a program that supports whitelisting, so that only values known to be acceptable are let through.
  • 3. Encrypting data - how do we secure a web application against transmitting data in the clear? We can use SSL inspection to protect against attacks carried over HTTPS. Also encrypt the other areas of your network that need protection.
  • 4. Educate everyone - providing training on web application security or information security is also a good thing to do. It makes your employees aware of what a cybercriminal could do to your organization or business.
  • 5. Minimal permissions - grant access to network resources only to those in your organization who need it. Review user privileges and check whether anyone else has rights equal to the administrator's. Attackers usually try to obtain administrator-level privileges to carry out malicious actions on your network.
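Step 2 above (filtering form input through a whitelist) and the XSS item in the earlier list are two halves of one control, and it helps to see both in code. The Python below is an added example, not code from the original article: `check_form` validates a constructed set of form fields against an allowlist of patterns, rejecting anything that does not match exactly (including fields the form never defined), and `render_greeting` shows that output encoding is still needed for free-text values, since validation cannot make a display name safe to paste into HTML. The field names, patterns and function names are assumptions of this example.

```python
import html
import re

# Allowlist rules: each form field names exactly the characters and length it accepts.
# Anything that does not match is rejected outright rather than "cleaned up".
# Field names and patterns are assumptions made for this example.
ALLOWLIST = {
    "username": re.compile(r"[a-z][a-z0-9_]{2,31}"),
    "order_id": re.compile(r"[0-9]{1,10}"),
    "country": re.compile(r"[A-Z]{2}"),
}


def check_form(fields):
    """Validate a dict of submitted form fields against ALLOWLIST.

    Returns (clean, rejected): clean holds only the fields that matched their
    pattern; rejected lists every field that was missing, malformed or not
    expected at all.  fullmatch() is used rather than match() or a '$' anchor
    so that trailing text (including a trailing newline) cannot slip through.
    """
    clean = {}
    rejected = []
    for name, pattern in ALLOWLIST.items():
        value = fields.get(name)
        if isinstance(value, str) and pattern.fullmatch(value):
            clean[name] = value
        else:
            rejected.append(name)
    # Parameters the form never defined are rejected too: an allowlist covers
    # the set of fields, not only their contents.
    rejected.extend(name for name in fields if name not in ALLOWLIST)
    return clean, sorted(rejected)


def render_greeting(display_name):
    """Output encoding is a separate control from input validation: a display
    name is free text, so every HTML metacharacter is escaped at the moment it
    is written into the page, which is what prevents reflected XSS here."""
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed submissions: one well-formed, one with a newline, an SQL-looking
    # order id and an unexpected parameter.
    print(check_form({"username": "alice_01", "order_id": "42", "country": "PH"}))
    print(check_form({"username": "alice\n", "order_id": "42; DROP TABLE users",
                      "country": "PH", "debug": "1"}))
    print(render_greeting("<script>alert(1)</script>"))
```

Validation decides what the application will accept; encoding decides how an accepted value is written into a particular output (HTML here, but the same idea applies to SQL parameters, shell arguments and URLs). Doing only one of the two leaves a gap.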

These are just some of the ways to secure a web application. By now you should be familiar with what a web application is and the vulnerabilities associated with it, and you have learned some of the methods for securing one.