Web App Security Considerations

Image via Wikipedia

With the prominent security breach at Gawker and a major email marketing vendor recently having similar issues, web app security has been brought to the forefront. Web app security is a real challenge due to the continual arms race with crackers and all the technology plus process issues related to a large scale SaaS product.

Here are a few web app security considerations:

  • Encrypt passwords one way as a hash with a salt in the database
  • Require passwords to be more complicated than simple words (e.g. minimum of eight characters, minimum of one number, minimum of one upper case letter, etc)
  • Provide IP address checks via email confirmation for user authentication and allowed IP ranges
  • Enable secondary authentication like PINs and challenge questions to go along with a standard password
  • Track failed sign-in attempts and expire passwords based on policies

Of course, there are many other considerations but this is a starting point for web app security. My recommendation is to consider this type of functional early on in the engineering process.

What else? What other web app security considerations would you add?

One thought on “Web App Security Considerations

  1. A big one for me is input validation. There are a variety of threats in that area to be concerned with. Buffer overflows, SQL injections, and cross-site scripting are just a few.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.