Ensuring application security is a priority not only for technology companies but also for users, who expect both uninterrupted operation and protection against unauthorized access. Becoming familiar with the possible threats to an application, taking them into account from the start of the design stage, implementing appropriate countermeasures and testing on a regular basis: these are the key elements of building real application security.
Security has to be planned, implemented and, most importantly, kept up to date. In that sense it is a process, not a one-day, one-off activity. A good way to appreciate how essential and complex this process is, is to read the OWASP guidelines; in the development community they are known as the "Open Web Application Testing Guide". The guide is written by software developers from around the world.
For example, one of the ten most common application-security mistakes on the Internet is the exposure of sensitive data such as credit card numbers, passwords or dates of birth, listed as A6 Sensitive Data Exposure. What happens is that when someone triggers an error in the application, instead of showing them a plain error page such as "Error XYZ", we disclose the whole configuration and a block of the application's structure. In this way we give them indirect access to our system.
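The error-page mistake described above, as an added example that is not part of the original article: a leaky handler that returns the exception text, the stack trace and the configuration to the client, beside a hardened handler that returns only a generic message plus an opaque incident ID and keeps the detail in the server log. The configuration values, the order-lookup function and the "Error XYZ" message are constructed for the example; the password value is a placeholder.

```python
import logging
import traceback
import uuid

# Constructed sample configuration; the secret is a placeholder, not a real credential.
APP_CONFIG = {
    "db_host": "db.internal.example",
    "db_user": "app",
    "db_password": "PLACEHOLDER-NOT-A-REAL-SECRET",
}

log = logging.getLogger("app")


def lookup_order(order_id):
    """Hypothetical business logic; its error message carries internal detail,
    as real driver and framework exceptions often do."""
    if not order_id.isdigit():
        raise ValueError(
            f"bad order id {order_id!r} while connected to "
            f"{APP_CONFIG['db_host']} as {APP_CONFIG['db_user']}"
        )
    return {"order_id": int(order_id), "status": "shipped"}


def handle_request_verbose(order_id):
    """Leaky handler (the A6 mistake): exception text, traceback and config go to the client."""
    try:
        return 200, lookup_order(order_id)
    except Exception as exc:
        return 500, {
            "error": str(exc),
            "traceback": traceback.format_exc(),
            "config": APP_CONFIG,
        }


def handle_request_safe(order_id):
    """Hardened handler: generic message to the client, full detail only in the server log."""
    try:
        return 200, lookup_order(order_id)
    except Exception:
        incident_id = uuid.uuid4().hex
        # The traceback and context stay server side, keyed by an opaque ID
        # that the user can quote to support without learning anything internal.
        log.exception("unhandled error, incident %s", incident_id)
        return 500, {"error": "Error XYZ", "incident_id": incident_id}


def leaks_internals(body):
    """Review check: does a response body expose configuration or stack details?"""
    text = str(body)
    markers = ("db_password", "Traceback", APP_CONFIG["db_host"])
    return any(marker in text for marker in markers)


if __name__ == "__main__":
    for handler in (handle_request_verbose, handle_request_safe):
        status, body = handler("not-a-number")
        print(handler.__name__, status, "leaks:", leaks_internals(body))
```

The `leaks_internals` check is the kind of assertion worth keeping in an integration test: feed the application malformed input and fail the build if the response body contains a configuration key, a hostname or the word "Traceback".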
Another common threat is the injection of outside code into our application, listed as A1 Injection. Through it an attacker can, for example, become an administrator of our platform or freely top up any account with prepaid credit.
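The injection class named above, as an added example that is not from the original article: an account lookup built by string concatenation beside the same lookup as a parameterised query, run against a constructed in-memory SQLite database. The account names, roles and balances are made up, and the lookup functions are hypothetical; the point is that the concatenating version lets user input change the query's logic (here returning every account, including the admin one), while the parameterised version treats the same input as a plain, non-matching username.

```python
import sqlite3


def build_db():
    """Constructed sample database; accounts and balances are invented for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, role TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "user", 10), ("bob", "user", 25), ("root", "admin", 0)],
    )
    conn.commit()
    return conn


def find_account_vulnerable(conn, username):
    """The A1 mistake: the input is pasted into the SQL text, so quote characters
    and SQL keywords in it become part of the statement."""
    sql = "SELECT username, role FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_account_safe(conn, username):
    """Hardened form: the driver binds the value as data; it can never alter the query."""
    sql = "SELECT username, role FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def admin_rows(rows):
    """Helper for the check: which of the returned rows carry the admin role?"""
    return [row for row in rows if row[1] == "admin"]


if __name__ == "__main__":
    conn = build_db()
    # An ordinary username behaves the same in both versions.
    print(find_account_vulnerable(conn, "alice"), find_account_safe(conn, "alice"))
    # A username containing a quote and a tautology behaves very differently.
    crafted = "' OR '1'='1"
    print("vulnerable:", find_account_vulnerable(conn, crafted))
    print("safe:      ", find_account_safe(conn, crafted))
```

A code review or static-analysis rule that flags any `execute()` whose SQL text is assembled with `+`, `%` or an f-string catches this class of bug before a pen test does; the parameterised form is also what every mainstream database driver and ORM expects.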
That is why it is important first to understand the possible threats and then to perform not only internal security tests on a regular basis, but also penetration tests (pen tests). The latter matter mostly because they are performed by external companies that approach our product the way professional attackers would, and let us confirm that the application stands up to attacks and errors.