Securing a Web App at the Last Minute

Article Description

While consumers and the media are increasingly aware of the risks to confidential information over web apps, firms still tend to focus on development, leaving data security until just before the go-live date. Ajay Gupta points out that last-minute steps are available to improve the security of your apps before launching them onto the Internet.
Testing Plan

Given these restrictions, we suggested performing a comprehensive and automated vulnerability scan, along with an external penetration test against the hosted web application and the supporting network infrastructure. While this solution wasn't perfect, it would provide solid information on the security posture of the environment and actionable recommendations on additional measures (as appropriate) that could augment the existing level of security.

Our efforts would certainly include scanning for the Open Web Application Security Project (OWASP) Top Ten security vulnerabilities, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), as well as typical network-based vulnerabilities including open ports and insecure services.
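The three application-layer categories named above are the ones a last-minute scan most often flags, so it helps to see, in code, what the scanner is probing for and what the fixed form looks like. The following is an added example, not code from the article or from the client's application: a vulnerable string-concatenated query beside its parameterised equivalent, output escaping against XSS, and a session-bound CSRF token check. The in-memory SQLite table, the function names and the dictionary standing in for a server-side session are all assumptions made for the demonstration.

```python
"""Added example: minimal defender-side checks for SQL injection, XSS and
CSRF.  Schema, function names and the session dict are constructed for
this illustration; nothing here comes from the article's client."""
import html
import hmac
import secrets
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table with two accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable form: user input is spliced into the SQL text, so quote
    # characters in `name` change the statement's structure.  This is the
    # pattern an injection scanner is looking for.
    query = "SELECT role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Hardened form: a bound parameter is always treated as data, never
    # parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(name):
    # XSS mitigation: escape untrusted text before placing it in HTML so
    # markup in `name` is shown literally instead of being executed.
    return "<p>Hello, " + html.escape(name) + "</p>"


def issue_csrf_token(session):
    # CSRF mitigation: a random per-session token is embedded in forms and
    # must be echoed back on every state-changing request.
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session, submitted):
    # Reject a missing token outright; compare in constant time so the
    # check does not leak how many leading characters matched.
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, crafted))   # both rows leak
    print("safe:  ", lookup_safe(db, crafted))     # no such user
    print(render_greeting("<script>alert(1)</script>"))
    sess = {}
    tok = issue_csrf_token(sess)
    print("csrf ok:", verify_csrf_token(sess, tok))
    print("csrf bad:", verify_csrf_token(sess, "forged"))
```

The point of running the two lookups side by side is that the scanner's finding is not about a particular payload but about the query construction: the parameterised version returns nothing for the crafted name because the whole string is matched as a literal, and no amount of quoting in the input changes that.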

The only information we strictly require to test a web application is the public IP address and/or address range to target. Given the short timeframe for testing, we received additional information about the application that wasn't strictly required, but could help focus our investigation into the application and the search for vulnerabilities—such as the supporting operating system, database, hardware, and programming language used. This additional information saved some of the time that we would normally spend in the vulnerability analysis, footprinting, and research stages. We also selected a mutually convenient time and asked the client to inform their staff as well as their hosting provider of the scheduled time for the penetration test.
