Web application security must pay attention to eight major problems

For any project, the start phase is critical for delivering secure applications: proper security requirements lead to proper security design. The following discusses eight major issues to consider when analyzing the security requirements of a Web application.

1. Authentication and password management. This is primarily a one-off activity and is done only as part of the project. Questions to ask about authentication and password management:
   - Password policy: very important for avoiding dictionary attacks against user credentials.
   - Password hashing algorithm: it is also important to ensure that passwords are protected with an appropriate hashing algorithm.
   - Password reset mechanism: the reset mechanism is critical to prevent attackers from modifying or intercepting passwords.

2. Authorization and role management. When analyzing a project's security, be sure to identify all key features and who may access each of them. This identifies the various roles and allows access control to be put in place.

3. Audit logging. It is important to identify and confirm all key business operations that could be associated with attacks, because these have a significant impact on the business. The enterprise should be able to analyze the audit log records of these operations.

4. Third-party component analysis. It is also important to ask and analyze whether the enterprise must use third-party components. On that basis, the enterprise analyzes the known vulnerabilities of those components and makes appropriate recommendations.

5. Input data validation and sanitization. It is important to ask for, understand and analyze the attributes of the input data and to plan for validating and sanitizing it. This is primarily about preventing vulnerabilities such as cross-site scripting; data validation and sanitization also help to avoid SQL injection at scale.

6. Encryption and key management. This is to analyze whether any business operation needs to be secured, and whether that operation requires a handshake (this mechanism can be implemented with a variety of techniques based on exchanging public or private keys before the operation is processed).

7. Source code integrity. This is a one-time activity that should be completed at the beginning of the project. It helps in two areas: the source code should be stored in a well-secured version control repository with robust authentication and role-based access control under the principle of least privilege, and attention should also be paid to the code base and its related tools. In addition, for the development and transmission of the code, the source code container tools and code protection issues can also be analyzed.

8. Source code review. Discussing the source code review policy is a key issue, because it involves both automated and manual code checking and, to some extent, affects the overall project time (time is required for the code review and for fixing the review comments). This is a one-off activity and should therefore be completed at the beginning of the project.
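The three password questions in item 1 (policy, hashing algorithm, reset mechanism) can be answered concretely in code. The following is an added example, not code from the original article; it uses only the Python standard library, and the policy values (minimum length, the tiny common-password denylist, the PBKDF2 iteration count, the token lifetime) are constructed for illustration.

```python
"""Password policy, salted hashing and single-use reset tokens (added example, stdlib only)."""
from __future__ import annotations

import hashlib
import hmac
import os
import re
import secrets
import time

# Policy values below are constructed for this example, not taken from the article.
MIN_LENGTH = 12
# A tiny constructed denylist standing in for a real dictionary of common passwords.
COMMON_PASSWORDS = {"password", "password123", "qwerty123456", "letmein12345"}
PBKDF2_ITERATIONS = 600_000   # order of magnitude currently recommended for PBKDF2-HMAC-SHA256
RESET_TOKEN_TTL = 15 * 60     # seconds a reset token stays valid


def check_password_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        problems.append("must mix letters and digits")
    return problems


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; the returned string records algorithm, cost and salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost, then compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class ResetTokenStore:
    """Issues random, time-limited, single-use reset tokens and stores only their hashes."""

    def __init__(self, ttl: int = RESET_TOKEN_TTL):
        self.ttl = ttl
        self._tokens: dict[str, tuple[str, float]] = {}   # sha256(token) -> (user, expiry)

    def issue(self, user: str, now: float | None = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = (user, now + self.ttl)
        return token   # delivered to the user out of band; never stored in clear

    def redeem(self, token: str, now: float | None = None) -> str | None:
        """Return the owning user and invalidate the token, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None:
            return None
        user, expiry = entry
        return user if now <= expiry else None
```

Storing only the hash of the reset token means a leaked database copy cannot be used to redeem outstanding resets, and popping the entry on first use makes every token single-use regardless of whether it was accepted or had already expired.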
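Items 2 and 3 belong together in practice: the role model decides who may use each key feature, and the audit log records the sensitive operations so they can be analyzed afterwards. The following is an added example, not code from the original article; the roles, permissions and the "repeated denials" analysis are constructed for illustration.

```python
"""Role-based access control with an audit log and a simple log analysis (added example)."""
from __future__ import annotations

import json
import time
from collections import Counter
from dataclasses import dataclass

# Constructed role model: each role maps to the key features it may use.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "accountant": {"report:read", "payment:create"},
    "admin": {"report:read", "payment:create", "payment:approve", "user:manage"},
}

# Key business operations that are always written to the audit log, even when allowed.
AUDITED_ACTIONS = {"payment:create", "payment:approve", "user:manage"}


@dataclass
class User:
    name: str
    role: str


class PermissionDenied(Exception):
    pass


class AuditLog:
    """Append-only list of audit records; write() also returns the record as a JSON line."""

    def __init__(self):
        self.records: list[dict] = []

    def write(self, user: User, action: str, outcome: str, now: float | None = None) -> str:
        record = {
            "ts": time.time() if now is None else now,
            "user": user.name,
            "role": user.role,
            "action": action,
            "outcome": outcome,
        }
        self.records.append(record)
        return json.dumps(record)   # one JSON line, ready for a log shipper


def authorize(user: User, action: str, log: AuditLog, now: float | None = None) -> bool:
    """Allow the action only if the user's role grants it; log denials and sensitive successes."""
    allowed = action in ROLE_PERMISSIONS.get(user.role, set())
    if not allowed or action in AUDITED_ACTIONS:
        log.write(user, action, "allowed" if allowed else "denied", now)
    if not allowed:
        raise PermissionDenied(f"{user.name} ({user.role}) may not {action}")
    return True


def repeated_denials(log: AuditLog, threshold: int = 3) -> dict[str, int]:
    """Audit analysis: users with at least `threshold` denied attempts (possible probing)."""
    counts = Counter(r["user"] for r in log.records if r["outcome"] == "denied")
    return {user: n for user, n in counts.items() if n >= threshold}


def sensitive_actions_by(log: AuditLog, user_name: str) -> list[str]:
    """Audit analysis: every allowed sensitive operation a given user performed, in order."""
    return [r["action"] for r in log.records
            if r["user"] == user_name and r["outcome"] == "allowed"]
```

Keeping the permission check and the audit write in one function means a feature cannot be reached without leaving a record, which is the property the analysis functions rely on.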
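Item 5 names two vulnerability classes, cross-site scripting and SQL injection, that the same requirement (validate and sanitize input) addresses in different ways: allow-list validation at the boundary, output encoding when untrusted text is rendered, and parameterized queries when it reaches the database. The following is an added example, not code from the original article; it shows the vulnerable string-built query next to its parameterized form using an in-memory SQLite table constructed for the example.

```python
"""Allow-list validation, output encoding and parameterized SQL (added example, stdlib only)."""
import html
import re
import sqlite3

# Allow-list: a username may contain only these characters and lengths.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(value: str) -> str:
    """Reject anything outside the expected alphabet instead of trying to strip bad parts."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def validate_int(value: str, lo: int, hi: int) -> int:
    """Parse a numeric field and enforce a range; '1 OR 1=1'-style text never parses."""
    if not re.fullmatch(r"-?\d{1,10}", value):
        raise ValueError("not an integer")
    n = int(value)
    if not lo <= n <= hi:
        raise ValueError("out of range")
    return n


def render_comment(author: str, body: str) -> str:
    """Output encoding: escape untrusted text at the point it is embedded in HTML."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def setup_db() -> sqlite3.Connection:
    """Constructed sample table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: string formatting lets the input become part of the SQL grammar."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver passes the input as data, never as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
```

Validation and encoding are not interchangeable: the username allow-list would also have rejected the injection payload, but a free-text field such as a comment body cannot be allow-listed, so it must be encoded on output and bound as a parameter on storage.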