Handling Open Web Application Security As the market dynamics change digital business is quickly becoming the method of choice for any enterprise to offer products and services on-demand to their market applying next-generation information infrastructures with AJAX as an ideal partner to complement modern SOA architectures.

But moving applications to the Web also brings up a lot of questions how to deal with security issues. The OWASP is an open project and a community to help make informed decisions about Web application security risks. In 2007 the most serious web application vulnerabilities (as PDF) were:

1. Cross Site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access

For the most prevalent Web application frameworks and especially for open source development, where open source software became the most prominent face of open source the OWASP project represents an excellent ressource to stay informed and make decisions about application security.

The project also provides a comprehensive guide to build secure Web applications and Web services and many recommendations also for projectmanagers, application owners and of course C-level executives.

Labels: ajax, bizdev, security, soa, web2.0

  ¶ 'Handling Open Web Application Security' posted by eA : 12:24 PM  0 comments links to this post