While far from scientific, a search of web application security vulnerabilities returns over 2,600,000 results. However you search for it, web applications need to be secured, and insecure web applications are a major problem.
In Web Application Defender's Cookbook: Battling Hackers and Protecting Users, author Ryan Barnett provides a highly technical resource for web application developers. All of the over 100recipes are valuable tips on how to secure web applications.
In the forward to the book, Jeremiah Grossman of WhiteHat Security writes that a web defenders success comes down to understanding a few key points. One of those points is that defenders will find themselves responsible for protecting web suites they did not create and have little or no insight into or control over. That and Grossman’s other observations highlight the imperative for organization to ensure that web application security is made an imperative.
Part of the challenge is that today’s web sites are becoming more complex, with many interrelated connection, protocol and technologies. While many network infrastructures are a lot more secure; if web applications are not completely locked down, patched and secured, they are simply targets for attackers.
And the challenge is that even if a network is secured, it will still likely allow web traffic to pass through, given that http is perceived as friendly. And given that there is a lot that a firewall can’t do; web application defense is a must-have item.
The reality is that securing web sites is difficult. But for those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook: Battling Hackers and Protecting Users.