Posts Tagged ‘Web Application Security’

Web Design – A Useful and Interesting Tool for Business

Tuesday, August 2nd, 2011

The term business web design is understood by most people in their own way. Everyone has some idea of what web design is all about, but ultimately it appears nobody defines it correctly. Certain components such as graphic design or programming are involved in any discussion, but their importance in the process of making a website definitely varies from person to person and from site to site.

There are three major aspects of creating a good website design:

Content:

This includes the shape and organization of website content: how the text is written, and how it is organized, presented and structured using technologies like HTML, CSS, XHTML, DHTML, AJAH, JSON, etc.

Appearance:

This refers to the organization of screen space on the website. This packaging is usually done using the above-mentioned technologies and Flash, and can include graphic elements as navigation ornaments. The visual side of the site is an obvious aspect of the art of web design.

Technology:

Website developers play an important role in choosing the right technology for your site. Beyond the basic web technologies like HTML, CSS, XHTML, DHTML, AJAH and JSON, technology in this context often means the various interactive elements created using different programming methods. These elements range from languages operating on the client side, like JavaScript, to server applications such as Java servlets. Programming technologies such as PHP / MySQL and ASP / SQL should also be noted.

Google chrome plugins for testing Web Application Security

Friday, August 27th, 2010

Here is a list of the best Google Chrome extensions for testing web application development security.

  1. WebDeveloper

  2. Firebug Lite

  3. Pendule

  4. Chrome Web Developer Tools

  5. Simple REST Client

  6. View Selection Source

  7. Domain Details

  8. Chrome Sniffer

  9. User-Agent Switcher

  10. Unencrypted Password Warning

Common Security Problems in Web Applications can be avoided

Friday, April 23rd, 2010

In the last few years, a rising number of web programmers have started to understand that the code they write plays a major part in the overall security of a website. Even when administrators install firewalls, keep off-the-shelf software updated, and secure communication with strong encryption, there are still various ways to attack the logic of the custom-made application code itself.

There is an apparently unlimited number of different logic flaws that can lead to security problems in a web application. But even though the number of flaws may be countless, many of the most frequently occurring ones fall into one of the following rather limited set of categories:

  • Failure to deal with metacharacters of a subsystem
  • Authorization problems due to placing too much trust in input

That’s only two categories, and they cover much of the web application security issues that have built up over the last 7-8 years or so. Today, many developers are familiar with an attack called SQL Injection.

Some are also familiar with Cross-site Scripting, which is actually HTML Injection. There’s also XML Injection, XPath Injection, LDAP Injection, C Null-byte Injection, and a plethora of other injection problems, plus the seldom-described Legacy System Injection. They’re all part of the “failure to deal with metacharacters of a subsystem” category.

The notable thing about SQL Injection is that it silently passes through all the layers of firewalls and does its work deep inside the system. It is not limited to shutting down servers. Everything achievable through SQL is possible through SQL Injection, including fetching, modifying and deleting information. Most of the developers knew how to protect against both SQL Injection and Cross-site Scripting.

Actually, they hadn’t taken a step back and understood what made those attacks possible. If they had, they would have thought “metacharacter problem” as soon as they began using the semicolon as a delimiter. The first step in the fight against metacharacter problems is to recognize when certain characters become metacharacters. This typically happens when developers combine data and control information and pass them on to some parser. Obviously, an SQL statement will be parsed when sent to a database server, and an HTML document will be parsed when sent to the user’s browser. But there are less obvious parsers or scanners as well. For example, when working with strings in programs written in C, a null byte will mark the end of the string.

Many common security problems in web applications may be avoided if programmers learn and focus on two things while coding: first, that every single piece of input to the application is under the user’s control, and second, that many subsystems may give special meaning to certain characters in the data.
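The metacharacter problem described above, shown for two parsers (SQL and HTML) with the weak form beside the corrected one. This is an added example, not code from the original post; the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, name):
    # Weak form: data is joined into the control text, so the SQL parser
    # decides where the data ends. A quote in `name` is a metacharacter here.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_bound(db, name):
    # Corrected form: statement and value travel separately, so no
    # character in `name` is ever parsed as SQL.
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]

def greet_concatenated(name):
    # Same flaw, different parser: the browser's HTML parser.
    return "<p>Hello, " + name + "</p>"

def greet_escaped(name):
    # html.escape neutralises <, >, & and quotes for the HTML subsystem.
    return "<p>Hello, " + html.escape(name) + "</p>"

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing a
    # quote, a value that alters the WHERE clause, and a value with markup.
    for value in ["alice", "O'Brien", "x' OR '1'='1", "<b>bob</b>"]:
        try:
            weak = lookup_concatenated(db, value)
        except sqlite3.Error as exc:
            weak = "SQL error: %s" % exc
        print(repr(value), "| concatenated:", weak,
              "| bound:", lookup_bound(db, value))
        print("   html:", greet_concatenated(value), "->", greet_escaped(value))
```

Note that the legitimate name O'Brien breaks the concatenated query as well, so the weak form is a correctness bug even before it is a security one.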

When security counts, count on PLAVEB.