The book aims to raise awareness of web application security and to support the reader with examples and best practices for developing secure web applications. Software developers and their customers often do not realize the importance of security requirements within a contract, or define them only superficially. The book therefore develops an annex that covers common threats and their countermeasures, together with the adjustments a software development lifecycle needs in order to address security, so that developers, managers, customers and other stakeholders share a common understanding of security. It is accordingly directed at anyone, from developer to decision-maker, who wants an overview of current web application security flaws and the corresponding countermeasures.
The book introduces current web application security threats and elaborates countermeasures that avoid these flaws or at least reduce their impact. In addition, Microsoft's Security Development Lifecycle (SDL) is evaluated as a means of preventing such flaws from being introduced in the first place.
Several critical web application vulnerabilities are identified on the basis of extensive research, and each is ranked according to its associated risk. The top five risks elaborated in the book are the following:
- Social Engineering
- (Blind) SQL Injection
- Brute Force
- Insecure Direct Object Reference
- Security Misconfiguration