Developer's Guide to Web Application Security

By now, you should be asking yourself "Is there anything else I can do to secure my Web applications against malicious hackers?" We have stepped back from the developer's chair and looked at development as a hacker would see it. We have looked at CGI Bin scripts and the vulnerabilities associated with them. We have had a chance to examine Java and Java applets, XML, ActiveX, ColdFusion, and Mobile Code. We have addressed almost every topic relevant to hack proofing your Web applications. This last chapter ties all the previously discussed methods together, and introduces a security plan. Very often, simple common sense will assist you greatly.
As hard as you try, chances are good that your Web site still will not be secure enough to protect your organization from all attacks by malicious hackers. At the very least, you need a well-rounded balance of security. By now, you realize that security does not happen at just the application or network level. Security should happen everywhere. The more security in place, the more successful you will be at thwarting attacks.
As a developer, you should look deep within the work you are doing and the work your co-workers are doing and check your own code for security holes. Examine your operations and review the code from cradle to grave, understanding that vulnerabilities probably exist. How exploitable is your code? That question needs to be answered. One thing on our side is the advancement of information security within high-tech organizations. That is...