Bhushan Gupta, Gupta Consulting, LLC.
There have been some significant web security breaches in “Corporate America”: Sony, Target, and Home Depot, to name a few. Such breaches not only impact corporations financially, they also tarnish the brand image. Customers loyal to these corporations lose confidence in the security of their private data and take their business to safer pastures, thereby financially impacting the business. Both corporate America and Government agencies are working towards controlling cyber security threats.
This paper is focused on raising awareness about Web application security. It starts with an introduction to the fundamentals of Web security (Vulnerability, Threat, Risk, Exposure, and Controls), discusses control types, and touches on the principles of the Zachman Architecture and The Open Group Architecture Framework. It then delves into the OWASP (Open Web Application Security Project) “Top 10” most critical Web application threats, including SQL Injection, XSS (Cross Site Scripting), and CSRF (Cross Site Request Forgery). Furthermore, it provides some approaches to mitigate risks to make a Web application more secure.
The paper is a self-study of Web Security and is intended to provide the necessary information to raise audience awareness.
Target Audience: Intermediate