Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Guide To Security Vulnerabilities For Web Applications

ISACA : 26 October, 2011  (New Product)
ISACA has published a guide that details the vulnerabilities and strategies required to overcome them for web applications
Guide To Security Vulnerabilities For Web Applications
The use of web applications has soared recently, due to the significant value they can add to enterprises by providing innovative ways to interact with customers. However, so have the dangers. Along with the benefits of these capabilities come security vulnerabilities that create dangerous risk and exposure. ISACA, a global association of 95,000 IT security, assurance and governance professionals, has issued a new, free white paper, titled Web Application Security: Business and Risk Considerations, which outlines the causes of web application vulnerabilities, examines the associated risk and impacts, and provides advice to mitigate risk. The guidance applies to all types of software development activities.

New web applications are client-server based and platform independent, require less computing power, and can be seamlessly integrated with online resources and services. Their use can result in time and cost reduction of processes, increased customer satisfaction, and increased revenue. However, web application vulnerabilities open the door to the exploitation of sensitive corporate information, disruption of service and theft of intellectual property. Some common vulnerabilities identified in the white paper include:

* SQL injection
* Cross-site scripting
* Insecure direct object reference
* Information leakage
* Insufficient anti-automation

Marc Vael, CISA, CISM, CGEIT, CISSP, Director of the Knowledge Board and Chairman of the Cloud Computing Task Force at ISACA said: “Organisations are performing more and more high-value or highly confidential transactions through the internet thanks to the insight in the many new opportunities and benefits.  But in many cases we notice that executive management is not (made) fully aware of the real security risks.”

Vael continued: “On the contrary, managers tend to push hard to go ahead and launch the web solution(s), even when these are not properly tested.  Thus a lot of assumptions and a false sense of trust reigns in many organisations on the security of their web applications, until it is too late.”

Included in Web Application Security: Business and Risk Considerations are the following strategies for addressing web application risk:

* Security measures must be mandatory components that are included early in the process.
* Programmers must be trained in secure coding techniques.
* There must be a robust quality assurance process in place to enforce continuous, controlled quality testing.
* Deployed applications must be continuously monitored for newly discovered vulnerabilities.
* Decisive action must take place to address any vulnerabilities found.

Vael said: “In order to challenge the security expectations, ISACA highly recommends to review the web application security for all active solutions in order to find out where it can be improved in a tangible manner.”  
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo