Today bringing your business online is a must in an effective business development
strategy. Thus more and more sensitive data is moving to the web which brings new
application security and information confidentiality challenges.
Complex Approach to Securing Web Applications
The most secure web applications are those that are developed initially with security
in mind. Wenso specialists follow a holistic approach to designing, building
and supporting secure web applications. We address security issues on all application
tiers (web server, application server and database).
While developing secure web applications we analyze vulnerability categories and
potential threats (external or internal) depending on application scenario and technologies
used. This enables us to develop an effective security architecture and take proper
countermeasures.
Vulnerabilities and Potential Threats
|
Securing Practices and Countermeasures
|
|
Authentication
Network eavesdropping, Brute force attacks, Dictionary attacks, Cookie replays,
Credentials theft
|
- Partition of public and restricted areas
- Account disablement policies
- Proper credentials verification and storage
- Proper password handling
- Authentication data protection
- Communication channels securing using SSL
|
|
Input Validation
Buffer overflow, cross-site scripting, SQL injection
|
- Thorough input validation
- Proper input filtration
- Centralized validation strategy
- Proper database access
|
|
Authorization
Privilege elevation, confidential information disclosure, data tampering
|
- Multiple gatekeepers
- Authorization granularity
- Role-based security
- Strong access controls
- System level protection
|
|
Configuration Management
Unauthorized access to application administration, hacking of configuration data
|
- Role-based administration with strong authentication
- Secure communication channels for remote administration (SSL, VPN)
- Restricted access to configuration data
- Least privilege approach
|
|
Sensitive Data
Sensitive data discloser, network eavesdropping, data tampering
|
- Role-based access to sensitive data
- Sensitive data on demand approach
- Data encryption
- Proper information storage and secure communication
|
The above vulnerabilities are just a part of a bigger list. Internet, intranet or
extranet applications each has its specific security issues and challenges that
need to be analyzed and addressed.
Securing Applications through Development Life Cycle
From initial stages of the software development cycle Wenso specialists thoroughly
consider security implications. This allows defining potential risks early and implementing
effective countermeasures.
|
Threat Modeling
|
Architecture Design
|
Architect(R), Developer(I), Tester(I)
|
|
Security Design Practices
|
Architecture Design
|
Architect(R), Developer(I)
|
|
Security Architecture
|
Architecture Design
|
Architect(R)
|
|
Code Development and Review
|
Implementation
|
Developer(R), Tester(I)
|
|
Technology Related Threats
|
Implementation
|
Developer(R)
|
|
Security Testing
|
Testing and Stabilization
|
Tester(R), Architect (C), Developer (I)
|
|
Deployment Review
|
Deployment and Maintenance
|
System Administrator (R), Architect(C), Developer(I), Tester(I)
|
Legend: R – Responsible, C – Consulted, I - Informed
Contact us to help you build and operate a highly secure
and feature-rich web application.