Warning! This post is not containing deep technical information. This post aims to introduce security to newbies.
Your web app seems working properly. But is it working securely? Most people omit security.
Developing security in mind is a must.
Developing web application is a complex business and it has many potential points of vulnerability.
Feeling secure about your application is not going to come after reading some blog posts. Learning it from scratch will take time. Troy hunt mentioned it as 19 months for him, in his e-book’s (OWASP Top 10 for .NET developers) foreword. It can be hard but you don’t have a choice. You gotta start somewhere and this post will guide you where to start…
The good place to start web app security is OWASP Top 10 documents.
It will open your eye. You can start to see possible vulnerabilities. You need to be aware of what is going on?
OWASP’s document warns us about the common security mistakes. And the number 1 mistake is injections, number 2 is XSS. They both occur if developer trusts the inputs.
So our number one security rule is “Any data entering to your application is untrusted. Do not trust any input! And validate always”
You should also take a look at Troy Hunt’s free e-book named “OWASP Top 10 for .NET developers” if you are a .net developer you can enjoy more but even you are not developing with .net it is still worth reading.
After reading OWASP Top 10 you may want to be sure about your SSL knowledge. And here is an excellent source “SSL Implementation Security FAQ”
And you will need some tools to ensure your apps security. The first tool you need is Fiddler.
Download and install Fiddler Fiddler’s UI can seem complicated. Don’t worry you will get used to it. Watch the demonstration videos of Fiddler You will become a fiddler guru one day :p
The real tool you need is a web vulnerability scanner. Download and install Netsparker Community Edition Do your first web application security scan to the testsparker sites. (aspnet.testsparker.com, php.testsparker.com)
Testing the test sites will show you so many vulnerability samples and information that tells you how to fix that vulnerability. Maybe at first you will not understand some of the vulnerabilities but day by day you will get more secure.
Category: Security - Comments Off on Where To Start Learning Web Application Security