A security vulnerability is a security exposure that results from a product flaw. Web applications are especially prone to security vulnerabilities. Several tools are available to find security vulnerabilities in a software product. It is always better to prevent vulnerabilities during development than to fix them later, when the software is live in a production environment. That’s where a development checklist plays a major role. Here we’ll look into the tools we can use for the code review of the CentriQ web and a basic checklist for developers.
OWASP Top 10:
- The Open Web Application Security Project “OWASP” (www.owasp.org) has identified the top 10 security risks affecting websites and web applications. Tools like Veracode (www.veracode.com) and CodeCrawler (http://codecrawler.codeplex.com/) use this list. It is not a complete list of risks, only the top 10 of the common risks.
- The OWASP website has a lot of details and examples for these risks (www.owasp.org/index.php/Category:OWASP_Top_Ten_Project), along with ways to prevent them and test for them.
Microsoft Articles on Preventing Security Vulnerabilities:
- https://docs.microsoft.com/en-us/aspnet/mvc/overview/older-versions-1/security/preventing-javascript-injection-attacks-cs
- https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks
- Read about Microsoft’s free tool, Attack Surface Analyzer, for detecting security vulnerabilities created by an application.
Related Articles
- See this article for the other code review tools I’ve used for .Net web application development.