Wednesday, 13 April 2016

5 Web Application Security Bodies Developers Should Know About



INTRODUCTION
Web applications form the backbone of web-based networks. They are software written to run on the internet and make websites as dynamic as possible. Online social networks, payment portals and the like cannot exist without web applications. However, many web applications are plagued with security flaws that can have disastrous effects if exploited. Many nonprofit software security organizations have made efforts to help counter this problem. Developers need to know about these bodies and communities and embrace their services. In this post I’ll discuss five top organizations that are contributing immensely to the progress of web application security.

Open Web Application Security Project (OWASP)
OWASP is an open community with a collection of free and open source security tools and documentation that help organizations develop, purchase and maintain applications that can be trusted. Professionals at OWASP carry out cutting-edge research and publish the latest information about new security flaws, thereby creating awareness among developers who follow trends in the field of web application security. OWASP provides updates on the top 10 security flaws that security-conscious developers must watch out for. Other products and services offered by OWASP include worldwide conferences, standard security controls, and complete books on application security testing, secure code development, and secure code review. OWASP holds that the most effective approach to application security is to treat it as a people, process, and technology problem.

Web Application Security Consortium (WASC)
WASC is a nonprofit web application security organization made up of an international group of experts, industry practitioners, and organizational representatives who produce open source resources to standardize web security. While OWASP lists the top 10 web attacks, WASC generally classifies attacks into 6 categories.


United States Computer Emergency Readiness Team (US-CERT)
This is another body that responds to security issues as part of its emergency service. Yes, web application security is an emergency, as failure to address web application security issues can lead to horrific consequences like the compromise of the database of a whole nation. US-CERT provides tips on how to identify vulnerabilities and suggests solutions, as well as examples of how to implement them.

SANS Institute InfoSec Reading Room
This is another reliable body when it comes to providing information about recent web application research and attack reports. Visit SANS to learn more about this body.


Imperva’s Application Defense Center (ADC)
Imperva’s ADC periodically carries out analysis on web applications to identify security flaws and publishes up-to-date reports. The reports normally show the prevalence of attacks and the geographical locations they mostly originate from. New kinds of security flaws in program logic are also identified. Graphical illustrations give readers a quick overview of recent attack trends.


CONCLUSION
Just as guarding against terrorist attacks is the duty of every citizen of a nation suffering from insurgency (a need to be watchful), web application security is the duty of everyone using the internet, especially web application developers. Common users can help by reporting any unusual internet activity they notice, while developers should share the flaws they discover with online security communities and international web application security bodies like OWASP and WASC. This will go a long way in developing countermeasures that will further harden web applications against attacks. I hope this post has been useful and I’d like to thank you for reading.
