Web Application Security: Abdirahman Mohamed Hassan

Web application security deals specifically with securing websites, web applications, and web services. It is important to consider security throughout the entire development lifecycle of a web application. Common threats include cross-site scripting, SQL injection, denial-of-service attacks, buffer overflows, and cross-site request forgery. Proper authentication, authorization, integrity, availability, and confidentiality of data are important concepts to consider for web application security.

Uploaded by Official Aminho

WEB APPLICATION SECURITY

Abdirahman Mohamed Hassan


Disclaimer

• The information provided in this talk is meant to be used for legal and ethical purposes only.
• It is only for awareness among the participants and viewers.
• I am not responsible for what you do with this resource provided.
WEB APPLICATION SECURITY
Difference between WEB APP and WEBSITE

Developing Websites

• Websites are basically collections of web pages. You access them using a browser. You're basically just supposed to read and look at everything that's on a website, and that's the majority of your experience as a user. When you read the content on a website, your goal is to learn something and to absorb the information.

• One of the main things that separates a website from a web application is that websites aren't interactive for the users. Websites provide and present content for readers. When people go to NY Times, they're reading the articles and looking at the images, and that is the main way they interact with the web presence.

Web Applications

• Web applications are defined by being interactive. You're supposed to use a web application in order to perform a function and use some of the web application's features. Lots of web applications don't even have real informative content or data exactly. People are just supposed to use them in order to perform additional tasks, using their features to accomplish something. You use a web application to check your incoming messages, for instance, or play a game.
Introduction

• Web application security is a branch of information security.
• It specifically deals with
1. Websites,
2. Web applications and
3. Web services.
WEB APP VS WEBSITE

• The browser capabilities involved with web applications are significantly more high-tech, which is one reason why it's usually harder for people to design a web application than a website.

• Websites are all about getting more data, and web applications are all about doing things. One of your actions is probably going to be getting more information or learning more information, but the web application helped you perform that action. You got the information from a website.
The Line Between Web Applications and Websites

• You might notice that web applications and websites can blur together in some cases. The New York Times website and most other websites have comment sections, and you do interact with those. Of course, the comment section itself could be considered a web application, but it is a web application on a website like the New York Times.

• Websites are becoming more interactive today in many cases. Web applications often involve information retrieval of some kind. However, websites are still showcases of content at the end of the day, and web applications are tools that people can use in the Information Age, which characterizes their separation even today.

The web application requires a web server to manage requests from the client, an application server to perform the tasks requested, and, sometimes, a database to store the information.
Introduction

Why to Secure Web App?

“A vulnerability in a network will allow a malicious user to exploit a host or an application. A vulnerability in a host will allow a malicious user to exploit a network or an application. A vulnerability in an application will allow a malicious user to exploit a network or a host.”

The application interacts with users, and a user can be malicious.

An exploited vulnerability in the application can cause damage to the entire system.
WHY WEB APPLICATION SECURITY IS IMPORTANT IN
EVERY STEP OF WEB APPLICATION DEVELOPMENT
Why to Secure Web App?

• Therefore, the highest standards of security should be the key highlight of your web application. In fact, effective security measures should be taken right from the web application development process. This is because if your application is not tested and validated against security threats right from the initial stages of development, it may fail to protect valuable corporate data and resources from malicious attacks.
Why to Secure Web App?

[Diagram: Malicious User → interaction with user → Application (Business Logic) & Server]


Importance of Web Application Security Testing

• To build a highly secure web application, it is vital to work upon a security development lifecycle. Security is a key element that should be considered throughout the application development lifecycle, especially when it is designed to deal with critical business data and resources.

• Web application security testing ensures that the information system is capable of protecting the data and maintaining its functionality.

The six important security concepts that should be considered during the web application development phase are:

• Confidentiality: Vital data should be accessible only to authorized users
• Authentication: It helps establish the identity of the user
• Authorization: It determines whether the user is permitted to perform an action or receive a service, like OTP
• Integrity: The security measure allows the receiver to determine that the data is correct
• Availability: Communication and information should be readily available, as required
• Non-repudiation: It helps prevent later denial of an action that happened
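The following is an added example, not code from the slides, showing four of the concepts listed above (authentication, authorization, confidentiality and integrity) applied to a single request against a tiny document store; availability and non-repudiation are not shown. The users, roles, passwords, document and keys are constructed here for the demonstration, and `handle_request`, `seal` and `verify` are hypothetical names chosen for it.

```python
"""Added example, not from the slides: authentication, authorization,
confidentiality and integrity applied to one request against a tiny
document store. Users, roles, document and keys are constructed here so
the file runs offline with only the standard library."""
import hashlib
import hmac
import os


# --- Authentication: establish who the caller is --------------------------
def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a leaked credential table does not expose passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _new_credential(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed credential store; the passwords are hypothetical sample values.
USERS = {
    "alice": _new_credential("alice-pw", "editor"),
    "bob": _new_credential("bob-pw", "viewer"),
}


def authenticate(username: str, password: str):
    """Return the username when the password matches, otherwise None."""
    record = USERS.get(username)
    if record is None:
        return None
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, record["hash"]) else None


# --- Authorization: decide what an authenticated identity may do ---------
PERMISSIONS = {"viewer": {"read"}, "editor": {"read", "write"}}


def authorize(username: str, action: str) -> bool:
    """Role check performed server-side, only after authentication succeeded."""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())


# --- Integrity: a keyed tag lets the reader detect tampering --------------
INTEGRITY_KEY = os.urandom(32)  # constructed server-side key


def seal(doc: bytes) -> bytes:
    return hmac.new(INTEGRITY_KEY, doc, "sha256").digest()


def verify(doc: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(seal(doc), tag)


# Constructed confidential document with its stored integrity tag.
DOCUMENT = b"Q3 forecast (constructed sample)"
DOCUMENT_TAG = seal(DOCUMENT)


def handle_request(username: str, password: str, action: str,
                   doc: bytes = DOCUMENT, tag: bytes = DOCUMENT_TAG) -> str:
    """Confidentiality follows from the order of checks: the document is
    released only to a caller who is authenticated, then authorized, and
    only if its integrity tag still verifies."""
    who = authenticate(username, password)
    if who is None:
        return "401 unauthenticated"
    if not authorize(who, action):
        return "403 forbidden"
    if not verify(doc, tag):
        return "500 integrity failure"
    return "200 " + doc.decode()


if __name__ == "__main__":
    print(handle_request("alice", "alice-pw", "write"))  # 200 Q3 forecast (constructed sample)
    print(handle_request("bob", "bob-pw", "write"))      # 403 forbidden
    print(handle_request("bob", "wrong", "read"))        # 401 unauthenticated
    print(handle_request("alice", "alice-pw", "read", doc=DOCUMENT + b"!"))  # 500 integrity failure
```

The point to take from the order of checks is that authentication (who are you) and authorization (what may you do) are separate decisions answered by separate code paths, and that a keyed integrity tag is what lets the server notice a modified record before it hands the data out.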
Benefits of a web application

• Web applications run on multiple platforms regardless of OS or device as long as the browser is compatible
• All users access the same version, eliminating any compatibility issues
• They are not installed on the hard drive, thus eliminating space limitations
• They reduce software piracy in subscription-based web applications (i.e. SaaS)
• They reduce costs for both the business and end user as there is less support and maintenance required by the business and lower requirements for the end user’s computer
Web Application vs. Network Security
Network security

• Network security is the process of strategizing a defensive approach to secure your data and resources over the computer network infrastructure against any potential threat or unauthorized access. It uses software as well as hardware technologies to achieve the optimal solution for network defense.
• A network is secure only when it possesses the components that constitute the “CIA Triad.”
• The CIA triad is a distinguished model for the development of network security policies within an organization. It deals with the three crucial areas of security, namely Confidentiality, Integrity, and Availability.

Networking fundamentals
• The fundamentals of network security are:
  • Physical security
  • Access controls
  • Authentication
  • Accountability
Types of Network Security

• Network security acts as a wall between your network and any malicious activity. This wall will remain penetrable until you opt for the best solution to protect it.
• Antivirus and Antimalware Software
• Application Security
• DLP
• Email Security
• Endpoint Security
• Firewalls
• IDS and IPS
• Mobile Device Security
• NAC
• VPN
• Wireless Security
Web application security

• Web application security is a central component of any web-based business. The global nature of the Internet exposes web properties to attack from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications and web services such as APIs.
What are common web app security vulnerabilities?

• Attacks against web apps range from targeted database manipulation to large-scale network disruption. Let’s explore some of the common methods of attack, or “vectors”, commonly exploited.

• Cross-site scripting (XSS)
• SQL injection (SQLi)
• Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
• Buffer overflow
• Cross-site request forgery (CSRF)
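The following is an added example, not code from the slides, showing the three items in the list above that are defects in application code (SQL injection, cross-site scripting and CSRF) as a vulnerable function beside its hardened form; DoS and buffer overflow are not shown. The in-memory user table, the sample comment, the session id and the server secret are constructed for the demonstration, and every function name here is hypothetical.

```python
"""Added example, not from the slides: SQL injection, XSS and CSRF, each as a
vulnerable function beside its hardened form. The user table, request
values and secret are constructed here so the file runs offline with only
the standard library."""
import html
import hmac
import secrets
import sqlite3

# Constructed sample data: an in-memory users table with one row.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")


def login_vulnerable(name: str, password: str) -> bool:
    """SQL injection: user input is pasted into the query text, so a quote
    in the input changes the structure of the statement."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(name: str, password: str) -> bool:
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def render_comment_vulnerable(comment: str) -> str:
    """XSS: untrusted text is concatenated straight into the HTML page."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Output encoding: special characters become entities, so the browser
    treats the comment as text rather than as markup."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


# Constructed server secret used to mint per-session anti-CSRF tokens.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token_for(session_id: str) -> str:
    """Derive an anti-CSRF token bound to one session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), "sha256").hexdigest()


def transfer_vulnerable(session_id: str, form: dict) -> bool:
    """CSRF: the state-changing action trusts the session cookie alone, and
    the browser attaches that cookie to a cross-site request as well."""
    return session_id != "" and "amount" in form


def transfer_safe(session_id: str, form: dict) -> bool:
    """Hardened: the form must carry the token tied to this session. A
    third-party page cannot read that token, so a forged request fails."""
    token = form.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    return (session_id != "" and "amount" in form
            and hmac.compare_digest(token.encode(), expected.encode()))


if __name__ == "__main__":
    print(login_safe("alice", "correct horse"))                 # True
    print(login_vulnerable("' OR 1=1 --", "anything"))          # True (bypass)
    print(login_safe("' OR 1=1 --", "anything"))                # False
    print(render_comment_safe("<script>alert(1)</script>"))
    print(transfer_safe("sess-1", {"amount": "10"}))            # False
    print(transfer_safe("sess-1", {"amount": "10",
                                   "csrf_token": csrf_token_for("sess-1")}))  # True
```

The three fixes share one design idea: keep data and structure apart. Bound parameters keep input out of the SQL grammar, output encoding keeps input out of the HTML grammar, and a secret bound to the session keeps an ambient cookie from being the only thing that authorizes a state change.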
Web Application Security
