Posts Tagged Web Application Security

Application Security Tips For Developers

27 February, 2017

Mobile applications play an integral part in our daily lives. From online shopping, banking and gaming to controlling IoT devices and tracking fitness levels, there is an app for almost every task that we perform regularly. Given how widely apps are used, hackers are continually looking for vulnerabilities that can be exploited to launch an attack. Developers therefore need to follow stringent testing procedures to ensure that mobile apps are secure and do not provide a backdoor to hackers.

Listed below are some useful application security tips for developers:

Create Secure Code

An application’s source code can contain many vulnerabilities that give hackers easy access. You must make sure that the code you write is absolutely confidential. If possible, encrypt the code so that it cannot be read by anyone who doesn’t have the decryption key. Scan the source code continuously for vulnerabilities, right from the beginning of the app development process.

Secure The Network Connections At The Back End

The web servers accessed by your application programming interface (API) should also have proper security measures in place. Sensitive information transmitted between the app’s server and the user must be protected against eavesdropping. Consider carrying out a vulnerability scan and a penetration test to ensure that the data is secure.

Input Data Validations

Input validation is the first line of defense against attacks on your application. To design a secure application, you should always test and retest the input entered by users. It is important to ensure that the data entered is consistent with what the specific form field is designed for. If the data does not match the expected set of values, such as a number in place of letters, it may hamper the proper functioning of the application.
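One way to apply this per form field, shown as an added example that is not code from the original post: each field gets an allowlist pattern and a length limit, and anything that does not match is rejected. The field names and rules in `FIELD_RULES` are assumptions made for illustration.

```python
import re

# Hypothetical form schema: field name -> (allowlist pattern, max length).
# [0-9] is used instead of \d so that only ASCII digits are accepted.
FIELD_RULES = {
    "full_name": (re.compile(r"[A-Za-z][A-Za-z .'-]*"), 60),
    "age": (re.compile(r"[0-9]{1,3}"), 3),
    "email": (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), 254),
}


def validate_form(data):
    """Return (clean, errors) for a submitted form.

    Every expected field must be present, be text, fit its length limit
    and match its allowlist pattern in full. Fields the form does not
    define are rejected instead of being passed through.
    """
    clean, errors = {}, {}
    for name in data:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"
    for name, (pattern, max_len) in FIELD_RULES.items():
        value = data.get(name)
        if not isinstance(value, str):
            errors[name] = "missing or not text"
        elif len(value) > max_len:
            errors[name] = "too long"
        elif not pattern.fullmatch(value):
            errors[name] = "does not match expected format"
        else:
            clean[name] = value
    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions: one valid, one with a number where
    # letters are expected and an extra field the form never defined.
    good = {"full_name": "Ada Lovelace", "age": "36", "email": "ada@example.com"}
    bad = {"full_name": "12345", "age": "3x", "email": "ada@example.com", "role": "admin"}
    print(validate_form(good))
    print(validate_form(bad))
```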

Actively Deny Bad Requests

You should be familiar with the types of data and programs accessed by your application. User requests that can potentially jeopardize the security of your app must be actively blocked. Unsupported headers, excessively long URLs, unusual characters and other unlikely requests can be eliminated by using an application firewall.
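The checks named above (unsupported headers, excessively long URLs, unusual characters), sketched as a request screen. This is an added example, not code from the original post or from any firewall product; the length limit, the method list and the header list are assumptions that would be tuned to what the application really uses.

```python
import re

MAX_URL_LENGTH = 2048                      # assumed limit for this sketch
ALLOWED_METHODS = {"GET", "POST", "HEAD"}  # assumed: methods the app serves
ALLOWED_HEADERS = {                        # assumed: headers the app expects
    "host", "user-agent", "accept", "accept-language", "accept-encoding",
    "content-type", "content-length", "cookie", "authorization", "connection",
}
# Anything outside the characters a URI may legally contain
# (controls, spaces, <, >, ", \ and non-ASCII all fall in here).
UNUSUAL_URL_CHARS = re.compile(r"[^A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]")
# Percent-encoded control bytes: %00-%1F and %7F.
ENCODED_CONTROL = re.compile(r"%(?:[01][0-9A-Fa-f]|7[Ff])")


def screen_request(method, url, headers):
    """Return the reasons to deny a request; an empty list means it passes."""
    reasons = []
    if method.upper() not in ALLOWED_METHODS:
        reasons.append("unsupported method")
    if len(url) > MAX_URL_LENGTH:
        reasons.append("url too long")
    if UNUSUAL_URL_CHARS.search(url) or ENCODED_CONTROL.search(url):
        reasons.append("unusual characters in url")
    unknown = sorted(h for h in headers if h.lower() not in ALLOWED_HEADERS)
    if unknown:
        reasons.append("unsupported headers: " + ", ".join(unknown))
    for name, value in headers.items():
        # Control characters in a header value (tab excepted) are never expected.
        if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in value):
            reasons.append("control character in header " + name)
    return reasons


if __name__ == "__main__":
    # Constructed sample requests.
    print(screen_request("GET", "/products?id=42", {"Host": "shop.example"}))
    print(screen_request("GET", "/search?q=%00<x>", {"Host": "h", "X-Debug-Mode": "1"}))
```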

We, at Centex Technologies, provide complete network security services to business firms in Central Texas. For more tips to secure your web applications, feel free to call us at (855) 375 – 9654.


What Are Web App Attacks?

April 29, 2015

Web app attacks are among the most common types of data breaches, posing a serious threat to a business’s cyber security. These attacks can jeopardize the functioning of your website, inhibit its performance and, in most cases, crash the website completely. As most web applications run in the browser, any potential security flaw can permit hackers to exploit the vulnerabilities in the apps and damage the business website.

Common Web App Attacks:

  • Cross-Site Scripting (XSS): These attacks use a vulnerable web application to send malicious client-side code to be executed by the end user. Once this is done, the hacker can have access to the browser’s session tokens, cookies and other sensitive data.
  • SQL Injections: This type of attack manipulates the vulnerabilities in web apps in order to gain access to the databases and other information that they hold. This may include email addresses, names, telephone numbers, postal addresses, bank account information, credit card details, etc.
  • Cookie Poisoning/Hijacking: A number of web applications use cookies to save and retrieve user information such as login ID, password and email address. Cookie poisoning allows the hacker to access unauthorized information about the user to create new accounts or penetrate the existing account.
  • Directory Traversal: It is a form of HTTP attack in which the cybercriminal installs malicious software on the web server. If the attempt is successful, the hacker can have access to the restricted directories and execute commands that are outside of the server’s root directory.
  • Remote Command Execution: This allows the hacker to execute remote and random commands on the host computer through a vulnerable web application. These attacks are largely possible due to insufficient input validation.

Counter Measures Against Web App Attacks

  • Set Safe Permissions: Most often, web apps are attacked because of preventable vulnerabilities present in them. Make sure you set safe permissions for your files so that they can be written or executed only by the web server.
  • Scan For Vulnerabilities: Scanning is extremely important for identifying potential vulnerabilities in your application that may leave it open to cyber-attacks.
  • Use Application Firewall: Installing and regularly updating a firewall can also provide an added layer of defense against web app attacks.
  • Restrict Unauthorized Users: Make sure that write access to your files is given to a limited number of users. This applies to both the server side and the web app backend.
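A check for the two file-permission points in the list above (files writable or executable only by the web server, write access limited to a few users), added here as an example that is not from the original post. It assumes a POSIX file system; `audit_web_root` and its `server_uid` parameter are names invented for this sketch.

```python
import os
import stat


def audit_web_root(root, server_uid):
    """Walk `root` and report entries whose permissions are too loose.

    Returns a list of (relative path, octal mode, [problems]). An entry is
    reported if group/other can write to it, if it is a regular file that
    group/other can execute, or if it is not owned by `server_uid`.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # a link's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            problems = []
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append("writable by group/other")
            if stat.S_ISREG(st.st_mode) and mode & (stat.S_IXGRP | stat.S_IXOTH):
                problems.append("executable by group/other")
            if st.st_uid != server_uid:
                problems.append("not owned by web server account")
            if problems:
                findings.append((os.path.relpath(path, root), "%04o" % mode, problems))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <web root> <numeric uid of the web server account>
    for rel, mode, problems in audit_web_root(sys.argv[1], int(sys.argv[2])):
        print(mode, rel, "; ".join(problems))
```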

We, at Centex Technologies, can help you evaluate and implement web app security measures in your organization. For more information, you can call us at (855) 375 – 9654.
