A tech startup got in touch with us recently to evaluate their technology options for a SaaS application. It had a predominant e-commerce component, and the startup needed an easily maintainable, secure framework to build their application.
After considering all possible alternatives, Django emerged as the most secure framework which simultaneously met their requirements of easy scalability and low maintenance overhead. To make this decision, we went through the top categories of web application vulnerabilities, and what solutions were available in different frameworks for those threats. In contrast to other frameworks, Django featured built-in defense for all top categories of vulnerabilities. The details are noted here: (more…)
Last week I spoke about SQL injection attacks used to try to gain access to the Administrative Interface on an application server. This week I will be talking about three other methods used to try to do the same.
Last week I spoke about Session hijacking and methods to secure Authentication details. This week I will be talking about the various types of attacks that are used to try and gain access to the Administrative Interface on the target application server.
Nowadays more and more important data is stored in web applications. These applications expose customer information, financial data and other sensitive and confidential data over the internet. The number of transactions on the web has also increased tremendously. So proper Security Testing of web applications has become a necessity. Over the next few posts, I will be talking about the various types of attacks seen today, and ways to prevent them.