 Security!!
What security measures are considered when designing a web-application (besides the SSL encryption)? And what technologies are used to protect the application from brute-force, phishing, and pharming attacks?

ASKED: June 24, 2008  7:30 AM
UPDATED: June 25, 2008  1:57 PM

Answer Wiki:
You need to protect yourself against SQL injection attacks. If you are worried about someone brute-forcing a password, set up a method within the database so that when a user types in a password wrong a counter is ticked. When the value of the counter reaches a number you decide (5, 10, etc.) the account is disabled until the person contacts the Customer Service / Help Desk department. There isn't anything you can do about phishing, as that is when someone puts up a page that looks like yours on another web site and tries to get people to go to that site. The only defense here is customer education. Other things to think about are firewalls, DDoS protection, etc.
Last Wiki Answer Submitted:  June 24, 2008  10:49 pm  by  Denny Cherry   64,505 pts.
All Answer Wiki Contributors:  Denny Cherry   64,505 pts.
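
The lockout counter described in the answer above, as an added example that is not part of the original answer: Python with an in-memory SQLite database, where the table layout, the function names and the threshold of 5 are assumptions. Every query is parameterized, which is also the standard defense against the SQL injection the answer mentions.

```python
import hashlib, hmac, os, sqlite3

MAX_FAILURES = 5  # assumed threshold; the answer suggests "5, 10, etc"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
        failed_count INTEGER NOT NULL DEFAULT 0,
        disabled INTEGER NOT NULL DEFAULT 0)""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))

def login(db, username, password):
    """Return 'ok', 'denied' or 'disabled'."""
    row = db.execute(
        "SELECT salt, pw_hash, disabled FROM users WHERE username = ?",
        (username,)).fetchone()
    if row is None:
        return "denied"
    salt, pw_hash, disabled = row
    if disabled:
        return "disabled"  # refused even with the right password
    if hmac.compare_digest(_hash(password, salt), pw_hash):
        db.execute("UPDATE users SET failed_count = 0 WHERE username = ?",
                   (username,))
        return "ok"
    # One atomic UPDATE ticks the counter and disables the account at the
    # threshold, so concurrent wrong guesses cannot slip past the limit.
    db.execute("""UPDATE users SET failed_count = failed_count + 1,
                      disabled = (failed_count + 1 >= ?)
                  WHERE username = ?""", (MAX_FAILURES, username))
    return "denied"

def helpdesk_reenable(db, username):
    # Run by Customer Service after verifying the caller's identity.
    db.execute("UPDATE users SET failed_count = 0, disabled = 0 "
               "WHERE username = ?", (username,))
```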


Discuss This Question:


 

The $64,000 question that very few have yet to figure out!!

Here are some articles I’ve written for TechTarget that should help you get started:

The Essentials of Web Application Threat Modeling

Writing software requirements that address security issues


The Fallacy of SSL

Web application vulnerabilities you don’t want to overlook

Web application security testing checklist

I’ve got quite a few more relevant article links on my site as well at the following pages:
http://principlelogic.com/applications.html
http://principlelogic.com/databases.html

 10,785 pts.