Introduction

1. Introduction
2. Web application vulnerabilities
3. Securing user registration
4. Building a secure login form

With the switch of the web from the academic and military environment over to everyone, some years ago, security has become of great concern for every web developer. Assuring the users that the web application is secure is a relief for both users and companies. This article discusses some of the things you should keep in mind when building secure web applications. We will also expose some security threats that you might not be aware of, and offer simple solutions for preventing them. Starting with an abundance of fake accounts to data corruption or application take-overs, the web is not a safe boulevard.

This article tries to shed some light on the imminent dangers on the web, and help build security awareness among developers.

Why worry about security?

Daily, dozens of web applications fall prey to various attacks. While some of them might pass unnoticed, others are more severe, resulting in loss of data, or unveiling of confidential material to competition or even the public.

Not only small applications that live in their corner of the web are in danger. Even major portals or online communities can be affected, the most recent case being the MySpace. user that became the most popular over night.

Just think about important financial data being supplied to a rival company, or made public on your homepage. If you do not want your web application to be one of the victims, it's time to act now, and learn about the security risks that lie ahead.

Almost all web applications have some form of security implemented already. This ranges from an user authentication system, to complex data validation and data encryption. No matter how powerful the principle however, if it is badly implemented, it will do you no good. Whether or not your application is secure, you'll have to read and find out.

While the security of your web server or database server is of equally paramount importance, this article only covers web application security. To learn more on how to secure your web server, consult the security section on the user manual, or scour the net for various articles. An interesting article which presents security tips for Apache can be found here.