Web development is a complex realm because you need to know several different technologies and how they interact. On one side there are server components running in the back-end, such as the database and the business logic; on the other there is client code running in the browser. These components are often developed using different programming languages and tools. On top of that you have to know how to deploy the server architecture that drives the database and business logic, and on the browser side you often need to know a number of different technologies such as HTML, CSS, JavaScript (AJAX) and Flash.
Because of this complexity, the whole issue of Web-related security and privacy is very challenging. As part of trying to keep up with this challenge, a couple of our developers attended the OWASP Israel 2007 Conference.
OWASP (The Open Web Application Security Project) is a worldwide free and open community focused on improving the security of application software. The OWASP community includes educational organizations, commercial companies, and individuals from all over the world. Together they form an application security community that creates methodologies, documents and tools that are freely available for anyone to use.
Some of OWASP's interesting and useful projects include:
- OWASP Top Ten - a document that lists the ten most critical Web application security vulnerabilities, discusses how to protect against each of them, and provides links to more information
- OWASP Guide - a massive document covering all aspects of Web application and Web service security
- OWASP WebScarab - an intercepting proxy for inspecting and modifying HTTP and HTTPS traffic while security testing Web applications and Web services
The conference (which BTW was free) turned out to be a very good one, and our developers returned with new and relevant information about issues such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), among much else. Even though we have taken both security and privacy into consideration when developing our application since day one, we still have to stay constantly alert for new threats and techniques.
