Access controls are one of the easiest areas of web application security to understand, although a well-informed, thorough methodology must be carefully applied when implementing them. First, there are several obvious pitfalls to avoid. These usually arise from ignorance about the essential requirements of effective access control or flawed assumptions about the kinds of requests that … Read more
As with any new class of technology, web applications have brought with them a new range of security vulnerabilities. The set of most commonly encountered defects has evolved somewhat over time. New attacks have been conceived that were not considered when existing applications were developed. Some problems have become less prevalent as awareness of them … Read more
There is no doubt that web application security is a current and very news-worthy subject. For all concerned, the stakes are high: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank … Read more