Securing web applications and infrastructure

  • techUK techUK
    Tuesday13Jan 2015
    Reports

    This guidance aims to identify the vulnerabilities that are being detected by the security industry, explain the problems they cause and suggests ways of avoiding them.

Securing web applications and infrastructure

Web based applications are growing vastly in number. They are being developed extremely quickly and on multiple different platforms. On top of this, the level of skill required for their development is becoming less and less.

Web applications can provide significant benefit to consumers and businesses and as we move towards an Internet of Things and continue the development of better and faster mobile platforms, their importance will continue to grow.

Software engineers and industry in general have a responsibility to ensure that their products are developed in a manner that is as secure as possible. This is true even if software is simple or does not deliver a function that is safety critical, like the processing of personal data for example.

The level of cyber threat to UK business is significant. To quote the 2014 Information Security Breach Survey (published by BIS), some attacks caused more than £1 million of damage and 87% of small firms experienced a security breach last year, up 10%. 93% of large organisations had also been targeted.

However, the problem is that some of the vulnerabilities being exploited have existed for a significant period of time and are well understood by both criminals and developers. Potential solutions to them are widely available and easy to find.

This guidance aims to identify the vulnerabilities that are being detected most recently by the security industry, explain the problems they cause and suggests ways of avoiding them. No software is ever 100% secure and the level of security required does depend on the environment the application operates in. However, we suggest that there is a basic level of care needed to be taken when developing applications.

Securing web applications and infrastructure - A techUK... (pdf)

Share this

FROM SOCIAL MEDIA

We are proud to support the @theWISECampaign on this project. Sign up to be a role model or encourage girls to take… https://t.co/tzgqHK2NVB
The Modern Slavery Act review interim report on supply chain transparency has been published & calls for major cha… https://t.co/aslXhYNGNo
If you were unable to attend our #Brit_twin event yesterday, have a read of @Keumars' @ITPro take on the proceedin… https://t.co/gSpeefzyiy
Great read from @racheljanetwolf in @tes where she covers the findings from @techUK's recent survey of tech parents… https://t.co/18RWf7k6eA
CALLING ALL TECHIES. Knowing how to motivate others is key to success and happiness in the workplace, so if you're… https://t.co/yw1eIDVzCW
There is still time to complete our GovTech SME Survey! https://t.co/mlUsFLVJLK https://t.co/s3XY2fx7X7
A must read from @techUK's very own @jrussell002 on how we need a total re-think if we are to deliver future mobili… https://t.co/uApLQChxZz
Final contribution from our last panel at #Brit_twin events - collaborate, focus and fund in order to get the benef… https://t.co/5PPpTYXoCc
Panellists at our #Brit_twin event now discussing thorny issue of funding - how can we deliver incremental value an… https://t.co/r7NAUT97o2