Securing Your Web Applications

By sophiesummers on 9:42 AM


An increase in the usage of web applications is directly related to an increase in the number of security incidents involving them. Today, web application security is finally getting the attention it deserves. The daily discovery of new web vulnerabilities and attacks confirms that web applications are not secure, and this attention has the benefit that the problem is now treated as a higher priority. Web application security is the branch of information security that deals specifically with the security of websites and web applications. Stories about exploits that compromise sensitive data frequently mention culprits such as “cross-site scripting,” “SQL injection,” and “buffer overflow.” These attacks create many risks for a web application: user accounts stolen through session hijacking or through the theft of username and password combinations, attackers tracking your visitors’ web browsing activity and infringing on their privacy, abuse of credentials and trust, link injection, and keystroke logging of your site’s visitors. It may seem impossible to keep attackers away from your site, but if you can think like an attacker you can block his entry before he gets there. The following guide introduces popular web application attacks and provides tips and techniques for keeping hackers out of your websites.

Keep an eye on your file permissions
Double-check your file permissions: if you have given someone permission to read or write a file, and you both have Fling accounts, then their CGI programs have the same permissions, and a small programming error on their part could give everyone in the world access to your files. It may be helpful to use the “File Security” option within the SEAS account management site to reset all file permissions so that your files are readable only by you. Be careful: if you include your website in the reset, it will become inaccessible via a web browser.


Restrict access to trusted users
It’s usually a bad idea to allow people without accounts to post to your forum or blog. Spammers and other malicious users often exploit open web applications for their own purposes at the expense of you and your legitimate users. Likewise, don’t allow people to create accounts on their own without your explicit permission. Besides posting unsuitable content, people can upload programs or commands and then trick your program or other users into executing them. Accept submissions only from trusted users.

Separate dynamic content from static content
If you have a static portion of your website that doesn’t need dynamic scripting, keep it outside your dynamic directories (dynamic and wiki). It’s also a good idea to save user-uploaded files in non-dynamic directories, so that a malicious user cannot get uploaded code executed on the server. All data submitted by a user should be vetted before you do anything with it, and files should be scanned for viruses before you access them or allow users to download them.
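As an added illustration of the last two points (example code, not from the original post), the Python handler below vets an upload by its content rather than its name, discards the user-supplied filename, and stores the file outside the dynamic directories with no execute bit. The `uploads` path, the size cap and the accepted file types are assumptions chosen for the example.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Directories the post names as dynamic; uploads must never land in them.
# UPLOAD_DIR and MAX_SIZE are assumed values for this example.
DYNAMIC_DIRS = ("dynamic", "wiki")
UPLOAD_DIR = Path("uploads")
MAX_SIZE = 5 * 1024 * 1024

# Extensions the site expects, with the leading bytes that identify each type.
# The bytes are checked, not the name, so a script renamed to .png is refused.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}

def vet_upload(filename: str, data: bytes) -> str:
    """Return the extension a submission may be stored with, or raise ValueError."""
    if len(data) > MAX_SIZE:
        raise ValueError("file too large")
    # Keep only the last path component: "../dynamic/x.cgi" becomes "x.cgi".
    ext = Path(os.path.basename(filename.replace("\\", "/"))).suffix.lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"type {ext!r} not accepted")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match the declared type")
    return ext

def store_upload(filename: str, data: bytes, root: Path = UPLOAD_DIR) -> Path:
    """Write a vetted upload under a static directory with a random, non-executable name."""
    ext = vet_upload(filename, data)
    if any(part in DYNAMIC_DIRS for part in root.resolve().parts):
        raise ValueError("upload directory lies inside a dynamic directory")
    root.mkdir(parents=True, exist_ok=True)
    dest = root / (secrets.token_hex(16) + ext)  # the user-chosen name is discarded
    # O_EXCL refuses to overwrite an existing file; mode 0o644 sets no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest

def demo() -> bool:
    """Store one constructed PNG in a scratch directory and confirm it is not executable."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = store_upload("../dynamic/evil.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16, Path(tmp))
        return dest.parent == Path(tmp) and not dest.stat().st_mode & 0o111
```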

One popular product in this space, WebDefend, is an advanced web application firewall that offers customized, behavior-based security for each protected application. Its features include inbound and outbound traffic analysis through a patent-pending, bi-directional Exit Control traffic analysis engine that recognizes specific types of information, such as credit card or Social Security numbers. It also identifies problems and trends at the URL and session levels of your web application environment, with out-of-the-box real-time views covering performance metrics such as transaction time, error rate, availability, and HTTP and HTTPS throughput. It also has an SSL attack detection capability, which replicates and decrypts SSL traffic streams without terminating the original encrypted session.

Security has always been a holistic undertaking, requiring all players and systems to work in concert to form a good defense. Most web application security testing tools are still aimed at the information security professional, and we are still a fair distance from tools a developer would pick up. If you run an online business and earn money through your website, you should follow the tips above to keep your website safe and win more customers.

