登录查看更多内容

点击“继续加入或登录”，即表示您同意遵守领英的《用户协议》、《隐私政策》及《Cookie 政策》。

How do you prioritize web application security?

由人工智能和领英社区提供技术支持

Web applications are essential for many businesses and organizations, but they also pose significant security risks. Hackers can exploit vulnerabilities in web applications to steal data, disrupt services, or launch attacks on other systems. Therefore, web application security is a critical aspect of cybersecurity that requires constant attention and improvement. However, web application security is not a one-size-fits-all solution. Different web applications have different features, functions, and threats, and they need different security measures and priorities. In this article, we will discuss how you can prioritize web application security based on your goals, resources, and risks.

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

1 Assess your web application

The first step to prioritize web application security is to assess your web application and its components. You need to identify what your web application does, who uses it, and how it interacts with other systems and networks. You also need to inventory your web application's assets, such as data, code, libraries, frameworks, APIs, and servers. This will help you understand the value and sensitivity of your web application and its dependencies.

添加您的观点

Chahak M.

CISSP| Award Winning Cybersecurity Leader| Risk Advisor| Author | Mentor | Keynote Speaker | Award Judge
举报内容
In my view, I believe that web application security is like a tailored suit – one size doesn't fit all. Businesses must assess their unique goals, available resources, and potential risks to prioritize suitable security measures. Like a custom suit, a customized security strategy ensures a snug fit for protection against cyber threats.

已翻译

赞
Todd A. Jacobs

Strategic Business Technology Executive ? Cybersecurity, M&A Integration, Regulatory Compliance & Remediation ? Mission-Driven US Army Veteran ? Board Governance & Leadership
举报内容
One way to assess a modern web application is to "follow the data." That doesn't include just your back-end, front-end, and database; it also means you need to trace your data through your network, between microservices, and even through your logging infrastructure. _Everything_ that touches your data, makes or responds to a request, or acts as a foundation to something that does is a possible attack vector. You can't prioritize effectively until you enumerate the risks. Once you do that, _then_ you make an informed decision about where you should focus your time, attention, and resources to _manage_ risks to an acceptable level. It will _never_ be zero!

已翻译

赞
Joe Shenouda

Head of Cyber Defense @ Transavia a.i. | CIO & Co-Founder FenxLabs | Member of Cybermeister
举报内容
Prioritizing web application security is a bit like triage in an ER: you've got to figure out which vulnerabilities are most likely to get exploited and could do the most damage, and tackle those first.

已翻译

赞

2 Identify your threats and vulnerabilities

The next step to prioritize web application security is to identify your threats and vulnerabilities. You need to analyze the potential sources and methods of attacks on your web application, such as malicious actors, malware, phishing, SQL injection, cross-site scripting, or denial-of-service. You also need to scan your web application for existing or potential weaknesses or flaws that could be exploited by attackers, such as outdated software, misconfigured settings, or insecure code. This will help you evaluate the likelihood and impact of different attack scenarios and their consequences.

添加您的观点

Chahak M.

CISSP| Award Winning Cybersecurity Leader| Risk Advisor| Author | Mentor | Keynote Speaker | Award Judge
举报内容
I think it's crucial to start by identifying the threats and vulnerabilities specific to your web application. By understanding potential attack sources and methods, like malware or SQL injection, and assessing existing weaknesses, such as outdated software or misconfiguration, you can better gauge the risks and consequences of various attack scenarios.

已翻译

赞
Mukesh Bhakar

AWS Community Builder | Cloud Security Consultant | Cyber Security | DevSecOps | Cloud Security Architect | Chief Security Officer | Head of Security
举报内容
In web application security, threats and vulnerabilities are ever-evolving challenges. Regularly review your application for common vulnerabilities like SQL injection, XSS, and CSRF. Utilize threat modelling to understand potential risks tailored to your application's unique features. Employ automated tools and manual audits to spot weaknesses, ensuring a secure and robust web environment

已翻译

赞

3 Implement security best practices

The third step to prioritize web application security is to implement security best practices. You need to apply the principles of secure design, development, and deployment to your web application and its components. This means following the standards and guidelines for web application security, such as OWASP Top 10, ISO 27001, or NIST SP 800-53. You also need to adopt the practices of secure coding, testing, and auditing to ensure that your web application is free of errors, bugs, or vulnerabilities. This will help you reduce the exposure and severity of your web application's risks.

添加您的观点

Yariv Tal

Developers Mentor, Secure Coding Evangelist, Startup Founder, Lecturer, Programmer, DBA
(已编辑)
举报内容
Contrary to popular claims, OWASP Top 10 *is not* a standard, nor does it say anything about implementing security best practices (and OWASP are the first to say this). The OWASP Top 10 is a list of the top factors for breaches/insecurity. It's like a list of the top 10 ways people get bumped on the head. If you see "slipping on a banana peel" as #4 that doesn't really tell you anything on how to avoid it. Other resources exist, but they are mostly at the design level. If you're looking for actual *coding* guidelines, I couldn't find anything practical, so I went ahead and co-formulated my own: the Secure From Scratch P.R.E.V.E.N.T security-minded coding principles. Feel free to use them :) (look for "secure from scratch" on linkedin)

已翻译

赞

4 Monitor and update your web application

The fourth step to prioritize web application security is to monitor and update your web application and its components. You need to track and measure the performance, functionality, and security of your web application and its dependencies. You also need to patch and upgrade your web application's assets, such as software, libraries, frameworks, APIs, and servers. This will help you detect and respond to any changes, incidents, or threats that could affect your web application's security.

添加您的观点

5 Educate and train your users and staff

The fifth step to prioritize web application security is to educate and train your users and staff. You need to inform and instruct your web application's users and staff about the importance and benefits of web application security. You also need to teach them the skills and knowledge to use and maintain your web application securely, such as password management, data protection, or incident reporting. This will help you create and sustain a culture of security awareness and responsibility among your web application's stakeholders.

添加您的观点

6 Review and improve your web application security

The sixth step to prioritize web application security is to review and improve your web application security. You need to evaluate and measure the effectiveness, efficiency, and maturity of your web application security. You also need to identify and implement the opportunities, recommendations, and feedback to enhance your web application security. This will help you continuously improve and optimize your web application security and align it with your goals, resources, and risks.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Cybersecurity

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How do you prioritize web application security?

1

2

3

4

5

6

7

1 Assess your web application

2 Identify your threats and vulnerabilities

3 Implement security best practices

4 Monitor and update your web application

5 Educate and train your users and staff

6 Review and improve your web application security

7 Here’s what else to consider

Cybersecurity

给文章评分

感谢您的反馈

更多Cybersecurity相关文章

更多相关阅读内容

How do you prioritize web application security?

1

2

3

4

5

6

7

1 Assess your web application

2 Identify your threats and vulnerabilities

3 Implement security best practices

4 Monitor and update your web application

5 Educate and train your users and staff

6 Review and improve your web application security

7 Here’s what else to consider

Cybersecurity

给文章评分

感谢您的反馈

查看其他技能