Security implementation in Web applications


After working for many years in application development both Windows and Web-based, one is clear to mind is software development is not just writing logical code but also writing business logic in a secure way. As the technology is growing so is the threat to the information. Organizations are always in fear of data being stolen by unauthorized people and misusing it.

This fear is more daunting in case of web applications. So developing secure web applications is becoming more and more challenging day by day. In coming days I will post a series of we post which will focus on developing secure web applications. We will try to understand what are different types of security threats and how to handle those. We will cover following topics in coming days. I will keep them updating whenever I feel that the information is outdated and needs to be updated. Please click on any item in below list to visit the page which provides details about a particular attack and its solution.

  • Click-jacking
  • Cross Site Scripting Flaws
  • Injection Flaws
  • Brute-force password guessing
  • Password Grinding
  • Json Hijacking
  • Buffer Overflow
  • Network eavesdropping
  • Data Tampering
  • Dictionary Attack
  • Elevation of privilege
  • Disclosure of confidential data
  • Luring Attacks
  • Configuration management
  • Session Management
  • Canonicalization attacks
  • Cookie replay attacks
  • Exception Management
  • Parameter Manipulations
  • Cryptography
  • Auditing & Logging
  • Autocomplete in Login Page
  • Cookie without HttpOnly flag set
  • Sensitive Information in URL
  • SSL Cookie Without Secure Flag Set
  • HTTP Banner
  • Cacheable HTTPS Response
  • Authentication


Leave a Comment