SlideShare une entreprise Scribd logo

Web App Security: Anatomy and Best Practices

Aung Khant
Aung Khant

A white paper discusses the anatomy of a web application and security considerations, outlining how web applications are built and how trust is established with users. It covers how authentication, authorization, encryption, and other methods enforce security and trust between the application and users. The paper also examines how application design, architecture, and coding practices can impact security.

TechnologieActualités & Politique
1  sur  21
Télécharger pour lire hors ligne
ANATOMY OF A WEB APPLICATION: Security Considerations White Paper Steve Pettit, Sanctum Inc. July, 2001 Sanctum, the Sanctum logo, AppShield, Policy Recognition and Adaptive Reduction are trademarks of Sanctum, Inc. Products mentioned herein are for identification purposes only and may be registered trademarks of their respective companies. Specification subject to change without notice. 2001 Sanctum, Inc. All rights reserved.
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices
Web App Security: Anatomy and Best Practices

Recommandé

Owasp Community in Lviv
Owasp Community in LvivOwasp Community in Lviv
Owasp Community in LvivTjylen Veselyj
 
OSHA Certificate from Grainger
OSHA Certificate from GraingerOSHA Certificate from Grainger
OSHA Certificate from GraingerThomas Foss
 
Gov Semi2008 03
Gov Semi2008 03Gov Semi2008 03
Gov Semi2008 03Akao Koichi
 
NECC Librarians and Web 2.0
NECC Librarians and Web 2.0NECC Librarians and Web 2.0
NECC Librarians and Web 2.0Judy O'Connell
 
Cgi Trap
Cgi TrapCgi Trap
Cgi TrapAung Khant
 
Dsl Pattern Language
Dsl Pattern LanguageDsl Pattern Language
Dsl Pattern LanguageYoshiki Shibukawa
 
App Sec
App SecApp Sec
App SecAung Khant
 
0racle Security
0racle Security0racle Security
0racle SecurityAung Khant
 

Recommandé

Owasp Community in Lviv
Owasp Community in LvivOwasp Community in Lviv
Owasp Community in LvivTjylen Veselyj
 
OSHA Certificate from Grainger
OSHA Certificate from GraingerOSHA Certificate from Grainger
OSHA Certificate from GraingerThomas Foss
 
Gov Semi2008 03
Gov Semi2008 03Gov Semi2008 03
Gov Semi2008 03Akao Koichi
 
NECC Librarians and Web 2.0
NECC Librarians and Web 2.0NECC Librarians and Web 2.0
NECC Librarians and Web 2.0Judy O'Connell
 
Cgi Trap
Cgi TrapCgi Trap
Cgi TrapAung Khant
 
Dsl Pattern Language
Dsl Pattern LanguageDsl Pattern Language
Dsl Pattern LanguageYoshiki Shibukawa
 
App Sec
App SecApp Sec
App SecAung Khant
 
0racle Security
0racle Security0racle Security
0racle SecurityAung Khant
 
Dotnetsecurecodingpractices
DotnetsecurecodingpracticesDotnetsecurecodingpractices
DotnetsecurecodingpracticesAung Khant
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009diTii
 
Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic diTii
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009diTii
 
Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009Suryasen Kundu
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
 
Designing your applications with a security twist 2007
Designing your applications with a security twist 2007Designing your applications with a security twist 2007
Designing your applications with a security twist 2007Blue Slate Solutions
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Enterprise Management Associates
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...NowSecure
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowNarola Infotech
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
 
Fad final print
Fad final printFad final print
Fad final printavelinakauffman
 
Common 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To ComplianceCommon 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To Complianceimigrnt
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10OracleIDM
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea RossiCrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea RossiIBM Sverige
 
Info sec for startups
Info sec for startupsInfo sec for startups
Info sec for startupsKesava Reddy
 
Desvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de softwareDesvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de softwareAllyson Chiarini
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 
Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 

Contenu connexe

Similaire à Web App Security: Anatomy and Best Practices

Dotnetsecurecodingpractices
DotnetsecurecodingpracticesDotnetsecurecodingpractices
DotnetsecurecodingpracticesAung Khant
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009diTii
 
Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic diTii
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009diTii
 
Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009Suryasen Kundu
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditNowSecure
 
Designing your applications with a security twist 2007
Designing your applications with a security twist 2007Designing your applications with a security twist 2007
Designing your applications with a security twist 2007Blue Slate Solutions
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Enterprise Management Associates
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...NowSecure
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowNarola Infotech
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
 
Common 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To ComplianceCommon 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To Complianceimigrnt
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10OracleIDM
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea RossiCrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea RossiIBM Sverige
 
Info sec for startups
Info sec for startupsInfo sec for startups
Info sec for startupsKesava Reddy
 
Desvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de softwareDesvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de softwareAllyson Chiarini
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentIBM Security
 

Similaire à Web App Security: Anatomy and Best Practices (20)

Dotnetsecurecodingpractices
DotnetsecurecodingpracticesDotnetsecurecodingpractices
Dotnetsecurecodingpractices
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009
 
Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic Web Application Security Trends Report by Cenzic
Web Application Security Trends Report by Cenzic
 
Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009Cenzic_AppSecTrends_Q1-Q2-2009
Cenzic_AppSecTrends_Q1-Q2-2009
 
Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009Cenzic app sectrends_q1-q2-2009
Cenzic app sectrends_q1-q2-2009
 
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next auditCompliance in the mobile enterprise: 5 tips to prepare for your next audit
Compliance in the mobile enterprise: 5 tips to prepare for your next audit
 
Designing your applications with a security twist 2007
Designing your applications with a security twist 2007Designing your applications with a security twist 2007
Designing your applications with a security twist 2007
 
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
Advancing Consumer Engagements by Improving Customer Identity and Access Mana...
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should Know
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
 
Fad final print
Fad final printFad final print
Fad final print
 
Common 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To ComplianceCommon 2009 Getting Started On The Road To Compliance
Common 2009 Getting Started On The Road To Compliance
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consulting
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
 
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea RossiCrossIdeas Roadshow IBM IAM Governance Andrea Rossi
CrossIdeas Roadshow IBM IAM Governance Andrea Rossi
 
Info sec for startups
Info sec for startupsInfo sec for startups
Info sec for startups
 
Desvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de softwareDesvendando o desenvolvimento seguro de software
Desvendando o desenvolvimento seguro de software
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
 

Plus de Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security WorkshopAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 

Plus de Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 

Dernier

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 

Dernier (20)

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 

Web App Security: Anatomy and Best Practices

  • 1. ANATOMY OF A WEB APPLICATION: Security Considerations White Paper Steve Pettit, Sanctum Inc. July, 2001 Sanctum, the Sanctum logo, AppShield, Policy Recognition and Adaptive Reduction are trademarks of Sanctum, Inc. Products mentioned herein are for identification purposes only and may be registered trademarks of their respective companies. Specification subject to change without notice. 2001 Sanctum, Inc. All rights reserved.