Arkadiusz Roussau, Author at Vavatech
Best Practices for Web Application Security

It is said that “a chain is only as strong as its weakest link”. In web application security, the end user is often that weakest link.
There are, however, methods that can be implemented to reduce the chance of running into web application security problems.

According to Clutch, these are the top five types of web app attacks.

Top 5 Types of Web App Attacks (Q2 2017)

In this post, we’ve rounded up five particularly important web application security best practices to keep in mind as you harden your web security.

XSS (Cross Site Scripting)

XSS vulnerabilities arise where web applications dynamically include data from users without proper validation. Using JavaScript embedded in a web page, a malicious user can control the victim’s browser, bypassing its normal security restrictions. To protect against XSS, all user-supplied data placed into a page should be encoded for the context it lands in (element text, attribute, script) and validated on the server side. Frameworks like JSF provide components that make XSS protection easy.
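The difference between reflecting user data raw and encoding it first, as an added example that is not code from the original post. The `encodeForHtml` helper and the constructed display name are assumptions for illustration; in JSF the `h:outputText` component applies the same escaping by default.

```java
public class XssEncodingDemo {

    // Vulnerable: user-controlled text is concatenated straight into HTML,
    // so a value containing <script> becomes executable markup in the browser.
    static String renderGreetingUnsafe(String displayName) {
        return "<p>Hello, " + displayName + "!</p>";
    }

    // Hardened: encode the characters that can change HTML structure before
    // the value is placed in element content or a double-quoted attribute.
    static String encodeForHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String renderGreeting(String displayName) {
        return "<p>Hello, " + encodeForHtml(displayName) + "!</p>";
    }

    public static void main(String[] args) {
        // Constructed sample: a display name that carries markup.
        String name = "<script>alert('xss')</script>";
        System.out.println(renderGreetingUnsafe(name)); // script tag reaches the browser intact
        System.out.println(renderGreeting(name));       // rendered as literal text, never executed
    }
}
```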

SQL Injection

SQL injection usually occurs when you ask a user for input, like their username or user id, and instead of a name or id the user gives you an SQL statement that you will unknowingly run on your database. To mitigate SQL injection, every input provided by the user should have its special characters escaped. Limiting the database permissions to only what is needed may help reduce the effectiveness of a potential SQL injection attack.

Vulnerable Data

Any critical data stored in the database must always be encrypted. The same goes for communication between the backend and the frontend of your application. It is worth noting that confidential data should not be passed via GET requests, where it ends up in URLs, browser history and server logs.

Security Misconfigurations

Security misconfigurations are still common, even in enterprise environments. They occur when a system or database administrator does not properly configure the application framework or the server. Running security scans on a consistent schedule can help stop potential leaks. Also remember to run applications with the least privileges they need and to keep the files of your web application in a folder below the application root. Users shouldn’t be able to specify a path for any file access in your application; this helps prevent them from reaching the root of your server.
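One way to serve files by name while refusing anything that would escape the download folder, as an added example that is not code from the original post. The folder location and the sample names are constructed; the check assumes a POSIX path layout and no symbolic links inside the folder (call `toRealPath()` on the result if links are possible).

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeFileAccess {

    // Assumed location of downloadable files, below the application root.
    private static final Path DOWNLOAD_ROOT =
            Paths.get("/opt/webapp/downloads").toAbsolutePath().normalize();

    // Maps a user-supplied name onto DOWNLOAD_ROOT and returns null when the
    // resulting path would lie outside it.
    static Path resolveDownload(String requestedName) {
        if (requestedName == null || requestedName.isEmpty()) {
            return null;
        }
        // resolve() replaces the base entirely if the argument is absolute, and
        // normalize() collapses ".." segments; either way the result must still
        // start with the root, compared component by component (so a sibling
        // folder such as /opt/webapp/downloads-old does not match).
        Path candidate = DOWNLOAD_ROOT.resolve(requestedName).normalize();
        if (!candidate.startsWith(DOWNLOAD_ROOT)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample requests: two legitimate names, two that try to escape.
        String[] samples = {
            "report-2017.pdf",
            "archive/../report-2017.pdf",
            "../../WEB-INF/web.xml",
            "/etc/passwd"
        };
        for (String s : samples) {
            Path p = resolveDownload(s);
            System.out.println(s + " -> " + (p == null ? "REJECTED" : p));
        }
    }
}
```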

Using Components With Known Vulnerabilities

Vulnerabilities in third-party libraries and software are extremely common and can be used to compromise the systems that use them. Since it is virtually impossible to write all the code yourself, keep in mind that regularly upgrading components to new versions is critical. Tools like OWASP Dependency-Check will help you identify project dependencies and check whether they have any known, publicly disclosed vulnerabilities.

Here is why You should consider Java

When you decide to develop robust software that is going to be used and maintained for many years, it is important to choose the proper technology stack. With that in mind, experienced developers often choose Java for enterprise applications such as web banking systems. Compared to other languages, Java definitely stands out in many aspects.

Here are five reasons why Java is a great fit for enterprise application development.

Statically typed

Static typing enables earlier detection of programming mistakes, better documentation in the form of type signatures, increased runtime efficiency and a better design-time developer experience. This is especially advantageous in huge projects that many people work on.

Platform independent

Java is cross-platform, as a compiled Java program can run on every platform for which there is a Java Virtual Machine (JVM). What is the JVM and why is it needed? The JVM is software that translates bytecode into the machine code of the device it runs on. Different devices speak different dialects of machine code, and with most languages you have to translate the program into each dialect separately. With Java, that is no longer a problem.

Secure

A program written in Java runs inside a virtual machine, hence it is isolated from the operating system. The platform provides a security manager that allows users to run untrusted bytecode in a “sandboxed” environment designed to protect them from malicious or poorly written software by preventing the untrusted code from accessing certain platform features and APIs.

Mature ecosystem

Enterprise applications facilitate a wide range of business processes, including data and operations management and resource planning. Java offers a lot of tools, libraries and IDEs contributed by Google and other organizations, enabling developers to easily design and implement almost anything. Many great frameworks like Spring, Struts, JSP, JSF and so on can be used while developing a Java project. Combined with excellent development tools such as IntelliJ or Android Studio, this makes the whole development process a great experience.

Large talent pool

According to Stack Overflow, Java is the fifth most popular programming language, and the second if we exclude CSS, HTML and SQL. Java is over 20 years old and is used by millions of developers and billions of devices worldwide.

The most popular programming languages according to Stack Overflow.

All Android apps are based on Java, and the majority of Fortune 500 companies use Java as a server-side language for backend development. With new versions released frequently, Java is an obvious choice for a forward-thinking enterprise.