Improving security of a web application. 5 Ways to Boost it!

Improving web application security: threats and countermeasures

Innovations in web technologies are gathering pace and have already dramatically changed the way people do business. Nowadays you can find any service you need online, whether it is an apartment to rent or simply a hair stylist. Alongside this positive wave, all these advantages and new possibilities also tempt the bad guys: hackers. A vast amount of sensitive and confidential data (passwords, usernames, credit card information, etc.) is floating around the Internet, prompting hackers to think outside the box and devise a variety of ways to exploit your system illegally.

What does this lead to? A tattered reputation, loss of customer trust and, consequently, financial pain.

Take a breath, there’s still a way out! This article presents several simple, fundamental directions that will improve your web application security and teach you to keep it under control.

1. Security by Design

Security by Design means paying extra attention to security issues from the very start. From the first discussion of a new idea and the planning of the process onward, it is vital to keep in mind that security is not something that can be added carelessly, from scratch, whenever you happen to remember it.

Follow the time-tested path and stick to the fundamental principles of secure architecture and design. Do not reinvent the wheel: use design patterns that are solid and already proven in practice.

Strive to design a web system that is free from vulnerabilities and protected from attacks by applying rigorous continuous testing, strong authentication, and adherence to the most advanced programming practices.

2. Continuous monitoring and intrusion detection

No matter how powerful your protection software is, there is always a possibility of bypassing the protection mechanisms and finding a weak spot. Imagine the risk if the attacker is a member of your own staff attempting to violate the company security policy. That is why it is essential to have continuous security monitoring in place and to detect suspicious activity in a timely manner.

To be sure nobody is trying to hack your application right now, you need to monitor security events on the web servers (and in the application) in order to detect suspicious activity and warning events. You can cover those needs with a security tool such as an IDS (Intrusion Detection System). One of the distinct features of Dhound IDS is that it keeps a record of all login attempts and lets you create custom rules to track the events that are particularly critical for your web system.
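The kind of rule described above, recording login attempts and alerting on the critical patterns, can be sketched as follows. This is an added example, not Dhound's code or rule syntax; the log format, event names, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed application auth log, in chronological order (format is an assumption).
LOG = """\
2024-05-01T10:00:01 login_failed user=admin ip=203.0.113.9
2024-05-01T10:00:03 login_failed user=admin ip=203.0.113.9
2024-05-01T10:00:04 login_ok user=alice ip=198.51.100.4
2024-05-01T10:00:06 login_failed user=root ip=203.0.113.9
2024-05-01T10:00:08 login_failed user=admin ip=203.0.113.9
2024-05-01T10:00:09 login_failed user=bob ip=198.51.100.7
2024-05-01T10:05:00 login_failed user=bob ip=198.51.100.7
2024-05-01T10:06:30 login_ok user=admin ip=203.0.113.9
"""

def parse(line):
    """Split one log line into (timestamp, event name, key=value fields)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def detect(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return alerts for failed-login bursts and for a success that follows one."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()              # IPs that already produced a burst alert
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, fields = parse(line)
        ip = fields["ip"]
        if event == "login_failed":
            attempts = recent[ip]
            attempts.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - attempts[0] > window:
                attempts.popleft()
            if len(attempts) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("failed_login_burst", ip, fields["user"]))
        elif event == "login_ok" and ip in flagged:
            # A success after a burst may mean a guessed password: escalate.
            alerts.append(("success_after_burst", ip, fields["user"]))
    return alerts
```

The second rule matters more than the first: a burst of failures is noise on most public sites, while a successful login from the same source afterwards is the event worth paging someone for.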

3. Outgoing traffic monitoring

Very often developers neglect outgoing traffic and focus only on attempts to access a server (or to log in to the system). That is a dead-end road. Outgoing traffic is no less critical to inspect, since even legitimate system users (malicious employees, for example) can leak data from your system. Any connection that is missing from your list of trusted ones is an alarming sign, since web servers usually work with a very limited number of external services. When developing Dhound IDS, we focused it on checking outgoing traffic for ineligible connections and alerting you about suspicious ones.
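A minimal version of that allowlist check, written here as an added example and not taken from Dhound: it reads `ss -tn` style output and reports established outbound connections whose peer is not on the trusted list. The trusted destinations, the listening ports and the sample output are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -tn` output from a web server (not real data).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      10.0.0.5:443         203.0.113.7:51514
ESTAB  0      0      10.0.0.5:48212       10.0.1.20:5432
ESTAB  0      0      10.0.0.5:39914       198.51.100.10:443
ESTAB  0      0      10.0.0.5:51022       192.0.2.66:4444
ESTAB  0      0      10.0.0.5:22          10.0.9.3:60122
"""

# Ports this host serves; a connection on one of them is treated as inbound.
# This direction heuristic is an assumption that fits a typical web server.
LISTEN_PORTS = {22, 443}

# Trusted outbound destinations as (network, port) pairs (assumed values).
TRUSTED = [
    (ipaddress.ip_network("10.0.1.0/24"), 5432),      # database subnet
    (ipaddress.ip_network("198.51.100.10/32"), 443),  # external payment API
]

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def untrusted_outbound(ss_text):
    """Return (peer_ip, peer_port) for outbound connections off the allowlist."""
    findings = []
    for line in ss_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        _, local_port = split_endpoint(fields[3])
        peer, peer_port = split_endpoint(fields[4])
        if local_port in LISTEN_PORTS:
            continue  # a client connected to one of our services
        if not any(peer in net and peer_port == port for net, port in TRUSTED):
            findings.append((str(peer), peer_port))
    return findings
```

Because a web server talks to so few external services, the allowlist stays short, and the same list can back a default-deny egress firewall rule so that the check detects what the firewall should already have blocked.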

4. Clear incident response process

Incidents should not come as a surprise to your IT team, so that responding to them does not turn into firefighting. To respond to a cyber threat quickly and efficiently you need a transparent incident management process. It is a valuable practice to prioritize incidents according to their severity, assign each incident to a responsible person or team, set a due time, and escalate a dangerous issue when the incident remains in question. For example, the Dhound incident management tool automates the majority of actions in this process, speeding up incident response and saving your time.

5. Thinking like a hacker

You cannot protect something if you do not know how to hack it. Be one step ahead of your enemies and test, test, test. Regular penetration testing by third-party companies identifies vulnerabilities and the scenarios for reproducing them. In-depth analysis lets you close these vulnerabilities before attackers find them.

You can also use scanners to search for weaknesses, though they do not provide the unbiased view and concise report on system security that manual penetration testing does. It works the same way as with human health: a timely medical check-up is more likely to catch warning signs than searching your symptoms on the Internet or asking a friend.

Therefore, even if you use a scanner, it is crucial for the health of your system to have third-party manual testing conducted at least once a year.

Do not wait until you become a victim of a cyber attack. It is much easier to prevent the damage than to clear up the mess of a cracked system afterward. Be wiser and manage the security of your web application starting from the first lines of code.