Application Security Consulting

Today, bringing your business online is a must for an effective business development strategy. As a result, more and more sensitive data is moving to the web, which brings new application security and information confidentiality challenges.

Complex Approach to Securing Web Applications

The most secure web applications are those that are developed with security in mind from the start. 7Outsource specialists follow a holistic approach to designing, building and supporting secure web applications. We address security issues on all application tiers (web server, application server and database).

While developing secure web applications, we analyze vulnerability categories and potential threats (external or internal) depending on the application scenario and the technologies used. This enables us to develop an effective security architecture and take proper countermeasures.

Vulnerabilities and Potential Threats

Authentication
Network eavesdropping, brute force attacks, dictionary attacks, cookie replays, credentials theft

Authorization
Privilege elevation, confidential information disclosure, data tampering

Input Validation
Buffer overflow, cross-site scripting, SQL injection

Sensitive Data
Sensitive data disclosure, network eavesdropping, data tampering

Configuration Management
Unauthorized access to application administration, hacking of configuration data

Securing Practices and Countermeasures

- Partition of public and restricted areas
- Proper credentials verification and storage
- Securing communication channels using SSL
- Account disablement policies
- Proper password handling
- Authentication data protection
- Multiple gatekeepers
- Authorization granularity
- System level protection
- Strong access controls
- Role-based security
- Thorough input validation
- Centralized validation strategy
- Proper input filtration
- Proper database access
- Role-based access to sensitive data
- Data encryption
- Sensitive data on demand approach
- Proper information storage and secure communication
- Role-based administration with strong authentication
- Restricted access to configuration data
- Secure communication channels for remote administration (SSL, VPN)
- Proper information storage and secure communication

The above vulnerabilities are just a part of a bigger list. Internet, intranet or extranet applications each have their own specific security issues and challenges that need to be analyzed and addressed.

Securing Applications through Development Life Cycle

From the initial stages of the software development cycle, 7Outsource specialists thoroughly consider security implications. This makes it possible to define potential risks early and implement effective countermeasures.

Securing Categories and Practices

- Threat Modeling
- Security Design Practices
- Security Architecture
- Code Development and Review
- Technology Related Threats
- Security Testing
- Deployment Review

Development Life Cycle Phase

- Architecture Design
- Implementation
- Testing and Stabilization
- Deployment and Maintenance

All Rights are Reserved by 7Outsource : An ISO 9001:2000 Certified Company
Last Updated : 09/02/2010 05:38:05