100 likes | 111 Vues
In this blog, we will discuss the top 9 tips on making your web app safe and secured.<br><br>Itu2019s better to take precautions than to feel sorry later. Implement the top tips listed above with the help of the best web development company in India.<br><br>https://medium.com/quick-code/how-to-secure-web-apps-a-web-app-security-checklist-bb27cf049d1d<br><br>
 
                
                E N D
Get started Open in app Quick Code How to Secure Web Apps — A Web App Security Checklist Follow Ajay Kapoor Aug 26, 2021 · 6 min read These days, web apps are increasingly becoming integral to our lives as they are used everywhere in the world. However, they often lack the kind of protection that traditional software and operating systems have, making them vulnerable to both
internal and external sources. As per Cyber Security crimes, the rate of cybercrimes is to cost the world $10.5 trillion by 2025. The rise of ransomware, XSS attacks have become a nightmare for established business enterprises worldwide. However, with the right strategy, you can e몭ectively escape cyber threats. Do you know the most concerning cyber threats? Here’s what the experts feel. Source: Statista The rise of cyber threats has made web app security increasingly important, especially since some of the most well-known institutions in the world have been breached at one point or another because of their security 몭aws.
Here are the Top 9 Tips on Making your Web App Safe and Secured: 1) Web Application Scanners Web application scanners test your sites for various vulnerabilities, such as SQL injection or cross-site scripting (XSS). A more advanced tool used by web developers to check out is a Burp Suite, which o몭ers a broader range of testing features and takes more time to master than more straightforward tools. If you’re building an e-commerce site, make sure that you always run it through at least one type of scanner before going live. Some systems will automatically perform these scans when you update them and alert you if they 몭nd any problems — so make sure those are turned on! Scanning tools aren’t perfect; they occasionally return false positives or report issues that are harmless — be vigilant in double-checking their 몭ndings before taking action based on them! 2) Don’t Use Easy-to-guess Passwords Most people are familiar with using some variation of their name, birthday, or favorite sports team to create a password they won’t forget — but those passwords are also likely to be stolen by hackers. Hackers’ most common trick is to access user databases full of clear-text passwords (in other words, not scrambled) that can then be used for malicious purposes like identity theft or distributed denial-of-service attacks.
Source: Statista Data Breaches They can easily decode these passwords from usernames because many people use easy-to-guess combinations like admin, password, or 12345. The best way to avoid being part of that statistic is by choosing strong passphrases instead: sentences or poems that you can remember but aren’t easy for others to guess. 3) Use Subdomains Instead of Host Names You can’t eliminate security risks, but you can make yourself a more challenging target to hit by using subdomains instead of hostnames to separate your work and personal life on a single device or server. 4) Disable Integrated Windows Authentication (IWA) Integrated Windows Authentication is a Microsoft network protocol that uses either clear-text passwords or encryption challenge/response authentication over TCP port 139 to authenticate users when logging on to servers. It gets enabled by default in Internet Information Services (IIS) 6 but can be disabled via IIS Manager or Windows Registry Editor if desired by an administrator or system owner.
Disabling IWA is typically done to avoid exposing users’ usernames and passwords over a network connection. However, it also disables NTLM authentication, which can be an issue if you have non-Microsoft clients connecting to your server with legacy operating systems like Windows 95, 98, etc. Apple computers were running Mac OS X version 10.3 or earlier before Kerberos supported Mac OS X. 5) Set up a CAPTCHA CAPTCHA simply stands for Completely Automated Public Turing test to tell Computers and Humans Apart (sometimes called a human veri몭cation system). CAPTCHA is generally used on a website to verify that you are human. Still, it has many other uses in computing, such as password recovery, computer logins, user authentication, making forms accessible to adaptive technology software like screen readers (software that reads text on screen). Or keyboard-only navigation interfaces, preventing automated spam submission on webmail services. The list goes on! It’s a handy tool when dealing with potentially problematic automatic input from users. 6) Test your Site Regularly for Vulnerabilities Cookies are typically used to store session information or shopping cart data. But keeping sensitive information such as passwords, credit card numbers, social security numbers in cookies is very risky. It can be easily captured through various means (including browser malware) or even
inadvertently disclosed in log 몭les that are often stored on a server, along with cookies that are not automatically cleared between sessions. Instead, you should consider using some form of database storage to save session data that will help minimize potential exposure if someone happens to access it inappropriately. For example, some browsers support SQLite databases, which can be used in place of cookies if properly con몭gured. 7) Implement Secure Web Server Con몭guration Settings The Apache HTTP Server is responsible for hosting almost two-thirds of websites on the Internet today, making it one of the most famous pieces of software in history. That also means more people use it than ever before to test new, vulnerable code — code that blackhats can exploit. These malicious hackers create viruses to steal 몭nancial data from unsuspecting victims or plant malware on servers that infect thousands of others via email or downloads. Keeping Apache secure is a must if you plan to run a website with sensitive information on it. Here are some con몭guration changes you can make to increase security. 8) Avoid Putting Sensitive Data in Cookies
Cookies are supposed to be tiny bits of information that websites use to keep track of information for things like logged-in users or a user’s shopping cart on an eCommerce site. However, if you’re working with sensitive data like usernames or passwords, storing it in a cookie is very risky. If someone steals your cookies from one site, they could use them to access other parts of your sites as well. Make sure any sensitive data is encrypted before storing it in a cookie so that anyone else can’t read it even if they steal it from you. Alternatively, store that information in a database instead so that there’s no risk of getting it stolen. Cookie theft is a signi몭cant concern in e-commerce, especially since cookies are easily read by sni몭ng tra몭c and can easily get stolen over an unencrypted Wi-Fi connection. They are used to hold vulnerable encrypted credentials if your site isn’t served over SSL/TLS or if encryption keys have been stored in clear text inside of them — not good! If you’re looking for a quick way to make your cookies more secure, ensure they don’t contain any sensitive data, like credit card numbers or passwords. 9) Keep Testing while Deploying Updates Regularly creating and executing penetration tests will help you identify vulnerabilities in your code that hackers could exploit. Penetration testing simulates real-world attacks to see how far an intruder can get into a system. In addition, manual pen tests may not reveal speci몭c design or architecture 몭aws that automated tools can detect. If you don’t 몭x these 몭aws, they could enable intruders to breach a network or conduct malware attacks on web application users. Testing after deployment also helps ensure that new code doesn’t create more vulnerabilities than patches. Every time you add functionality to a program, it opens up security holes, so thorough testing is crucial to ensuring integrity while updating applications.
Wrapping Up It’s better to take precautions than to feel sorry later. Implement the top tips listed above with the help of a leading web development company in India. Sign up for Developer Updates By Quick Code Receive weekly updates about new posts on programming, development, data science, web development and more Take a look. Your email Get this newsletter By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices. Web Development Web Website Design Web Design Security
29 WRITTEN BY Ajay Kapoor Follow Hey, I’m Ajay, a tech blogger working with PixelCrayons who loves to share his extensive tech-related knowledge with like-minded people. Quick Code Follow Find the best tutorials and courses for the web, mobile, chatbot, AR/VR development, database management, data science, web design and cryptocurrency. Practice in JavaScript, Java, Python, R, Android, Swift, Objective-C, React, Node Js, Ember, C++, SQL & more. More From Medium 6 Niche search engines you can explore Techpremiumdomains USDT CryptoFarm (05/19/2021) — Earn 8% Expected Annualized Return OceanEx Official Australian Crypto Rules Will Usher in Monetary Overhaul Daysofcrypto Just finished Defcon 2017! Serge Romero XSL Labs | DID XSL Labs Upcoming NFTs and 250,000 $HOPR Treasure Hunt Rik Krieger in HOPR Home Networking: Enable Pi-Hole On Asus Routers Ali Bahraminezhad
EOSIO Weekly Update w/ Corey Cottrell & Jimmy D (3.4.2021) Jimmy D About Write Help Legal Get the Medium app