Software QA FYI - SQAFYI

Web application security -- How to prevent attacks

The battle against hackers is a difficult one. An attacker needs to find only one vulnerability to break in, while you need to find all of them to keep him out. That may seem like an impossible task, but if you can think like an attacker you can block his entry before he gets there. This guide introduces you to popular Web application attacks and provides tips, techniques and advice for keeping the bad guys out.

TYPES OF ATTACKS
Before you can protect your Web application, you need to know what you're protecting it from. Learn what attacks are most prevalent and the damage they can do.

PREVENTION TECHNIQUES WHEN GATHERING REQUIREMENTS
Security features, like other features in software, are initiated in the requirements elicitation and analysis phase. Learn how to use threat modeling and misuse cases, among other techniques, to determine security features that ought to be included.

PREVENTION TECHNIQUES FOR DEVELOPERS/DESIGNERS
Developers and designers have their own techniques for making sure software doesn't have security flaws. Learn how code reviews and source code analysis can help identify vulnerabilities.

PREVENTION TECHNIQUES FOR TESTERS
Software testers have a number of different tests at their disposal to help identify security flaws, including input validation, penetration testing, white box testing and black box testing. Learn about what they do and how to run them.

WEB APPLICATION SECURITY TOOLS AND SERVICES
In many cases, tools can help detect security flaws and advise on how to fix them.
