Web Application Defender's Cookbook: Battling Hackers and Protecting Users

Posted by Ben Rothke

While far from scientific, a web search for "web application security vulnerabilities" returns over 2,600,000 results. However you measure it, web applications need to be secured, and insecure web applications are a major problem.

In Web Application Defender's Cookbook: Battling Hackers and Protecting Users, author Ryan Barnett provides a highly technical resource for web application developers. All of the more than 100 recipes are valuable tips on how to secure web applications.

In the foreword to the book, Jeremiah Grossman of WhiteHat Security writes that a web defender's success comes down to understanding a few key points. One of those points is that defenders will find themselves responsible for protecting web sites they did not create and have little or no insight into or control over. That and Grossman's other observations highlight how imperative it is for organizations to make web application security a priority.

Part of the challenge is that today's web sites are becoming more complex, with many interrelated connections, protocols and technologies. While many network infrastructures are a lot more secure than they once were, web applications that are not completely locked down, patched and secured are simply targets for attackers.

And the challenge is that even if a network is secured, it will still likely allow web traffic to pass through, given that HTTP is perceived as friendly. Given that there is a lot a firewall can't do, web application defense is a must-have item.

The reality is that securing web sites is difficult. But for those who want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook: Battling Hackers and Protecting Users.

Ben Rothke

Senior Information Security Manager, Tapad
