- Input Handling - properly validate and process inputs from interfaces to protect against cross-site scripting, SQL injection, etc.
- Authentication and Session Management - authentication processes, encryption and certificate technologies managed through a session
- Access Control - enforce access control rules, restrict access to system resources and functions based on policies
- Error and Exception Handling - logging security-related events such as user log-ins, log-offs and credential changes
- Encryption Services - use encryption to protect sensitive data
- Secure Interfaces - secure interfaces with other applications
Friday, December 14, 2007
Essential Web Application Security