Web Application Security
Everything you wanted to know about web application security, from tooling to terminology to major frameworks.
Learn about web application security
When it comes to securing your business, applications are one of the most crucial elements to protect. Applications are a common entry point for attackers looking to cause harm.
This collection of articles provides an introduction to web application security, some of the major frameworks and attack types, and the different tooling and approaches to securing web applications.
What is web application security?
- Why is web application security important?
- How do I tackle web application security?
- What if a security incident happens despite our best efforts?
What is OWASP?
- What is OWASP’s main value?
- What are the main resources on OWASP and where is a good place to start?
- What’s next?
- How can I get involved?
The OWASP Top Ten
The main ways applications are vulnerable
- Areas of risk for an application
- Areas of risk in the server-side environment
- Areas of risk on the client-side environment
The different approaches to web application security testing
- What are the primary security testing techniques?
- Automated vs. manual tools: Which are better?
- One more thing...
What is SAST?
- What are SAST tools?
- How do SAST tools work?
- What are the available analyzers?
- Advantages of SAST
- Disadvantages of SAST
- How to overcome SAST limitations
What is DAST?
- What are DAST tools?
- How do DAST tools work?
- Advantages of DAST
- Disadvantages of DAST
- How can you overcome the limitations of DAST?
What is WAF?
- How did WAFs come about?
- What are the different types of WAFs?
- How does a WAF work?
- What are the main advantages of using a WAF?
- What are the main drawbacks of using a WAF?
- Are WAFs alone sufficient to ensure web application security?
What is RASP?
- How do RASP solutions work?
- Why did RASPs come about?
- What are RASP's advantages?
- What are RASP's limits?