Its been some time i was thinking of the ways on how to apply security in web application project
I don't have much of an knowledge here so i tried getting some ideas :
These are some points which i found :
1) Encode passwords :
a) So one way is to encode your password and store the Hash in the database and then get it whenever you want to access it.
In this way what happens is you dont have to worry about any hack.
b) Some time you might can store your passwords in a completely new place like LDAP is used so that if you passwords are compromised then whole database is not compromised.
2) This is the common one : Use stored procedures and prepared statements for the SQL injections.
3) Provide script exploits by providing HTML encoding to Strings.
4) All important resources which should not be accessed by URL should be kept in WEB- INF.
5) All git hub repository should be private
6) Spring security : Spring provides various things
a) Have an authentication in the service layer that your role is authorized to access DAO layer or DB before making access to DAO layer.
b) Spring security :
The tagline is :
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
Spring security covers two things in a very good manner authorizations and authentication.It provides
Protection against attacks like session fixation, clickjacking, cross site request forgery, etc . And you can integrate it with spring MVC also.
7) Securing your application or web server : This can be done by
a) having seperate server for servers for testing , developement and production.
b) Controlling permissions and privilages over the time.
c) Doing Audits over certain periods of time and many more.
In the last there are various tools online for web vulnerability and hacking like W3AF easy to install and use.
There are many more thing i am still in the search for , i fill give you more fire in that.
Enjoy Coding!
I don't have much of an knowledge here so i tried getting some ideas :
These are some points which i found :
1) Encode passwords :
a) So one way is to encode your password and store the Hash in the database and then get it whenever you want to access it.
In this way what happens is you dont have to worry about any hack.
b) Some time you might can store your passwords in a completely new place like LDAP is used so that if you passwords are compromised then whole database is not compromised.
2) This is the common one : Use stored procedures and prepared statements for the SQL injections.
3) Provide script exploits by providing HTML encoding to Strings.
4) All important resources which should not be accessed by URL should be kept in WEB- INF.
5) All git hub repository should be private
6) Spring security : Spring provides various things
a) Have an authentication in the service layer that your role is authorized to access DAO layer or DB before making access to DAO layer.
b) Spring security :
The tagline is :
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
Spring security covers two things in a very good manner authorizations and authentication.It provides
Protection against attacks like session fixation, clickjacking, cross site request forgery, etc . And you can integrate it with spring MVC also.
7) Securing your application or web server : This can be done by
a) having seperate server for servers for testing , developement and production.
b) Controlling permissions and privilages over the time.
c) Doing Audits over certain periods of time and many more.
In the last there are various tools online for web vulnerability and hacking like W3AF easy to install and use.
There are many more thing i am still in the search for , i fill give you more fire in that.
Enjoy Coding!
nice work Ajit. Thanks a lot it helped me in my project.
ReplyDelete