We all use web applications everyday whether we consciously know it or not. That is, all of us who browse the web.Now a days we have seen a significant surge in the amount of web application specific vulnerabilities that are disclosed to the public. No web application technology has shown itself invulnerable, and discoveries are made every day that affect both owners and users security and privacy.
Security professionals have traditionally focused on network and operating system security. Assessment services have relied heavily on automated tools to help find holes in those layers,so we need some guideline to build secure web application apart from networking and operating system concept.
Software is generally created with functionality first in mind and with security as a distant second or third. This is an unfortunate reality in many development shops. Designing a web application is an exercise in designing a system that meets a business need and not an exercise in building a system that…
View original post 889 more words