Securing web applications and infrastructure
Web based applications are growing vastly in number. They are being developed extremely quickly and on multiple different platforms. On top of this, the level of skill required for their development is becoming less and less.
Web applications can provide significant benefit to consumers and businesses and as we move towards an Internet of Things and continue the development of better and faster mobile platforms, their importance will continue to grow.
Software engineers and industry in general have a responsibility to ensure that their products are developed in a manner that is as secure as possible. This is true even if software is simple or does not deliver a function that is safety critical, like the processing of personal data for example.
The level of cyber threat to UK business is significant. To quote the 2014 Information Security Breach Survey (published by BIS), some attacks caused more than £1 million of damage and 87% of small firms experienced a security breach last year, up 10%. 93% of large organisations had also been targeted.
However, the problem is that some of the vulnerabilities being exploited have existed for a significant period of time and are well understood by both criminals and developers. Potential solutions to them are widely available and easy to find.
This guidance aims to identify the vulnerabilities that are being detected most recently by the security industry, explain the problems they cause and suggests ways of avoiding them. No software is ever 100% secure and the level of security required does depend on the environment the application operates in. However, we suggest that there is a basic level of care needed to be taken when developing applications.