© Elena Kichigina/Shutterstock

CHAPTER 9
Mitigating Web Application Vulnerabilities

WEB APPLICATIONS ARE AN ESSENTIAL PART of the online experience. Every day, companies roll out web applications to increase the appeal, functionality, and interactivity of their websites. These applications can take the form of portals, shopping carts, web mail, online auctions, forms, discussion groups, and more. For all the good these web applications introduce, they also bring a host of new vulnerabilities and security threats. Malicious users may invade a website through backdoor access of an unsecured web application, completely circumventing perimeter security measures.

This chapter details the causes of these vulnerabilities and the largest targets for web applications. In addition, this chapter contains information on secure coding best practices to help mitigate these risks from the beginning. To help understand changes that are made to any web application source code, software development configuration management is essential; it tracks and controls any changes made. Revision-level tracking identifies what information was changed during any update, as well as when and by whom. The final section outlines how to mitigate web application vulnerabilities and what the best practices are. It is important to keep these aspects in mind when designing any web application because security of user data is essential to online components.