Application Security


With the exponential increase in internet usage, companies around the world are now keen to have a web application of their own that provides all of its functionality to users with a single click. In this quest to give customers one-click options, all the sensitive data is moved onto a server that is then accessed through the web application. Web applications control valuable data because they have direct access to the backend database, so a single well-crafted malicious payload can let an attacker extract everything that database holds. It is therefore crucial that web applications be secure enough to withstand such attacks.


Securing Web applications:


It's now apparent that securing web applications is essential for companies to stay in business. The real question is how to achieve that. Below are some of the checks that are put in place to ensure that security holes in a web application are identified:
1. Threat Modeling deals with identifying threats, attacks, vulnerabilities, and countermeasures for your application during the design phase.
2. Security Code Review comes into the picture at the end of the development phase. The entire code base is inspected to find vulnerabilities.
3. Manual Penetration Testing is done after the application is deployed in some environment. The application is attacked and assessed for vulnerabilities.


WebInspect:

WebInspect is a web application security scanning tool offered by HP. It helps security professionals assess potential security flaws in a web application. WebInspect is essentially a dynamic black-box testing tool: it detects vulnerabilities by actually performing the attacks against the running application. After a scan is initiated, 'assessment agents' work on different areas of the application and report their results to a 'security engine', which evaluates them. WebInspect uses 'audit engines' to attack the application and determine the vulnerabilities. At the end of the scan you can generate a 'Vulnerability Assessment Report', which lists the security issues in the desired format. Using this report, the client can fix the issues and then run a validation scan to confirm that the fixes are effective. As with every other tool, there are both advantages and disadvantages associated with using WebInspect.