However, with the trend toward using web-based applications for … well, basically everything, more attention is being placed on "cybersecurity," a term we've come to know since the very early 1990s and the advent of the web. Today, web applications are a critical aspect of business and everyday life.
By using web applications, both businesses and individuals can simplify their work and get more done with fewer resources, achieving objectives much faster than before. They no longer need a warehouse full of meticulously organized paperwork. There is little or no need to rely on physical mail for communication. Most marketing efforts are now highly web-focused. Even customer service now points you to a website instead of a 1-800 phone number. Web applications can help reach a growing number of clients and customers in ways that were never available before.
BE PARANOID: REQUIRE INJECTION PREVENTION & INPUT VALIDATION (USER INPUT IS NOT YOUR FRIEND)

A good rule of thumb is to consider all input hostile until proven otherwise.
This prevents bad or corrupted data from being processed and triggering malfunctions in downstream components.
Some types of input validation are as follows:
- Data type validation (ensures that parameters are of the correct type: numeric, text, et cetera).
- Data format validation (ensures data meets the format rules of schemas such as JSON or XML).
- Data value validation (ensures parameters fall within the accepted value ranges or lengths).
There is a whole lot more to input validation and injection prevention, but the basic thing to keep in mind is that you want to validate inputs both syntactically (is the type, format and length what the application expects?) and semantically (does the value make sense in the context of the operation?).
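The following is an added example, not code from the original article, showing the three kinds of validation listed above applied in order (format, type, value) and then a semantic check on top. The request shape (an "add to cart" body with sku, qty and an optional note), the SKU pattern, the limits and the small SKU catalogue are all constructed for the illustration.

```python
import json
import re

# Added example (not from the original article). Assumed request shape for a hypothetical
# "add to cart" endpoint: sku (string like "AB-1234"), qty (integer 1..100) and an optional
# note (string, max 200 chars, no control characters). The SKU catalogue is constructed.
SKU_RE = re.compile(r"[A-Z]{2}-\d{4}")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
ALLOWED_FIELDS = {"sku", "qty", "note"}
MAX_QTY = 100
MAX_NOTE_LEN = 200
KNOWN_SKUS = {"AB-1234", "CD-0001"}  # constructed catalogue used for the semantic check


class ValidationError(ValueError):
    """Raised with a message the caller can log; never echo raw input back to the client."""


def validate_cart_request(raw: bytes) -> dict:
    """Format -> type -> value -> semantic checks; raises ValidationError on the first failure."""
    # 1. Format validation: the body must parse as a JSON object with only the expected keys.
    try:
        body = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError):
        raise ValidationError("body is not well-formed JSON") from None
    if not isinstance(body, dict):
        raise ValidationError("body must be a JSON object")
    unknown = set(body) - ALLOWED_FIELDS
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")

    # 2. Type validation: "2" is not an int, and bool is excluded explicitly because it
    #    subclasses int in Python (JSON 'true' would otherwise pass as quantity 1).
    sku = body.get("sku")
    qty = body.get("qty")
    note = body.get("note", "")
    if not isinstance(sku, str):
        raise ValidationError("sku must be a string")
    if isinstance(qty, bool) or not isinstance(qty, int):
        raise ValidationError("qty must be an integer")
    if not isinstance(note, str):
        raise ValidationError("note must be a string")

    # 3. Value validation: allow-list pattern, numeric range and length limits.
    if not SKU_RE.fullmatch(sku):
        raise ValidationError("sku does not match the expected pattern")
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError(f"qty must be between 1 and {MAX_QTY}")
    if len(note) > MAX_NOTE_LEN or CONTROL_CHARS.search(note):
        raise ValidationError("note is too long or contains control characters")

    # 4. Semantic validation: syntactically perfect input can still be meaningless here.
    if sku not in KNOWN_SKUS:
        raise ValidationError("sku is not in the catalogue")

    return {"sku": sku, "qty": qty, "note": note}


def is_valid(raw: bytes) -> bool:
    """Convenience wrapper for callers that only need accept/reject."""
    try:
        validate_cart_request(raw)
    except ValidationError:
        return False
    return True


if __name__ == "__main__":
    for sample in (b'{"sku": "AB-1234", "qty": 2}', b'{"sku": "AB-1234", "qty": "2"}',
                   b'{"sku": "ZZ-9999", "qty": 1}', b'not json'):
        print(sample, "->", is_valid(sample))
```

The order matters: parsing the format first means the type and value checks only ever see a well-formed object, and the semantic check (is this SKU actually sold?) runs last because it is the most expensive and assumes the value is already syntactically clean. Note the bool/int distinction and the escaped `\u0000` case: both pass a naive check and are exactly the kind of input that misbehaves in downstream components.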
Encryption itself does not prevent interference with data in transit, but it obfuscates the intelligible content to anyone not authorized to access it. Encryption is the most common way of protecting sensitive information in transit, and it can also be used to secure data "at rest," such as information stored in databases or other storage devices. When using web services and APIs, you should not only implement an authentication plan for the entities accessing them; the data exchanged across those services should also be encrypted in some fashion.