CSRF tokens
3/24/2023

Web application frameworks are made to help developers build web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: if you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem.

In general there is no such thing as plug-n-play security. Security depends on the people using the framework, and sometimes on the development method. It also depends on all layers of a web application environment: the back-end storage, the web server, and the web application itself (and possibly other layers or applications).

The Gartner Group, however, estimates that 75% of attacks are at the web application layer, and found "that out of 300 audited sites, 97% are vulnerable to attack". This is because web applications are relatively easy to attack, as they are simple to understand and manipulate, even by the lay person.

The threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, or presenting fraudulent content. Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aim at financial enrichment, or cause brand name damage by modifying company resources. In order to prevent attacks, minimize their impact and remove points of attack, first of all, you have to fully understand the attack methods in order to find the correct countermeasures.

In order to develop secure web applications you have to keep up to date on all layers and know your enemies.