Awareness: Web Application Security
Developing web applications is often described as easy and a good place for new programmers to start. Many books and tutorials have been written on the subject, and many frameworks and programming languages have been built to facilitate quick construction of web applications. Just one thing bothers me about this: many of the books and tutorials ignore many of the security issues that are related to building web applications. This fact might explain why we have such a huge number of insecure and vulnerable web applications around on the net.
Anyway, it is not all bad: a number of initiatives have been formed to communicate the need for security in web-based applications. One of these initiatives is OWASP, which is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies.
OWASP’s most successful documents include the book-length OWASP Guide and the widely adopted OWASP Top 10 awareness document. The most widely used OWASP tools include their training environment WebGoat, their penetration testing proxy WebScarab, and their OWASP .NET tools. OWASP includes roughly 100 local chapters around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.
Hopefully initiatives like OWASP will provide upcoming web developers with an awareness of the security issues related to the development of web applications and enable them to avoid the classic pitfalls in web application security. At least so far I have learned a lot from OWASP articles and guides.
