guidetowebsecurity.com

Web application development is very different from other environments. Web browser and the nature of HTTP pose security pitfalls not found in traditional client-server applications. Web developers must know how web servers and browsers interact, the nature of Internet communications, and the attacks web applications undergo on the Internet. If you think your network is secured by a firewall and network intrusion detection system, think again. Security flaws in web applications easily bypass firewalls and other basic security measures. Many banks, military and e-commerce sites have learned that lesson. It’s easy for a well-experienced software developer to unwittingly create a web application that allows outsiders access to files on the server, gather passwords and customer information, and even alter the application itself despite firewalls and other security measures.