Application Security
Today, bringing your business online is a must in an effective business development strategy. As a result, more and more sensitive data is moving to the web, which brings new application security and information confidentiality challenges.
Complex Approach to Securing Web Applications
The most secure web applications are those that are developed initially with security in mind. Lock Media specialists follow a holistic approach to designing, building and supporting secure web applications. We address security issues on all application tiers (web server, application server and database).
While developing secure web applications, we analyze vulnerability categories and potential threats (external or internal) depending on the application scenario and the technologies used. This enables us to develop an effective security architecture and take proper countermeasures.
| Vulnerabilities and Potential Threats | Securing Practices and Countermeasures |
| Authentication: network eavesdropping, brute force attacks, dictionary attacks, cookie replays, credentials theft | |
| Input Validation: buffer overflow, cross-site scripting, SQL injection | |
| Authorization: privilege elevation, confidential information disclosure, data tampering | |
| Configuration Management: unauthorized access to application administration, hacking of configuration data | |
| Sensitive Data: sensitive data disclosure, network eavesdropping, data tampering | |
The above vulnerabilities are just part of a bigger list. Internet, intranet and extranet applications each have their own specific security issues and challenges that need to be analyzed and addressed.
Securing Your Application over the Development Life Cycle
From the initial stages of the software development cycle, Lock Media specialists thoroughly consider security implications. This allows potential risks to be defined early and effective countermeasures to be implemented.
| Securing Categories and Practices | Development Life Cycle Phase | Roles Distribution |
| Threat Modeling | Architecture Design | Architect(R), Developer(I), Tester(I) |
| Security Design Practices | Architecture Design | Architect(R), Developer(I) |
| Security Architecture | Architecture Design | Architect(R) |
| Code Development and Review | Implementation | Developer(R), Tester(I) |
| Technology Related Threats | Implementation | Developer(R) |
| Security Testing | Testing and Stabilization | Tester(R), Architect(C), Developer(I) |
| Deployment Review | Deployment and Maintenance | System Administrator(R), Architect(C), Developer(I), Tester(I) |
Legend Key: R = Responsible, C = Consulted, I = Informed
Contact us to help you build and operate a highly secure and feature-rich web application.







