This week we focus on how companies can build an effective application threat model to secure web applications that face the internet or are otherwise publicly accessible. A threat model simply describes how a web application could be attacked, seen from an attacker's perspective. In this first part of the series, we start on the client side and concentrate on the main entry point to a web application: the login page.
In the real world, anyone seeking to protect their resources focuses on the main entrance. Likewise, web developers who want to protect users' data from attackers focus primarily on the login page. Attackers target the login page of a web application via the following attacks:
Five Steps to Secure Your Login Page
Although these steps help secure a web application against the above-mentioned attacks, there are other ways attackers could bypass web authentication. We therefore suggest that developers put detection measures in place to capture or log malicious attempts.
Logging malicious attempts shows you which techniques attackers used to try to bypass your login page and how you can secure your web application against such attacks.
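One way to implement the logging and detection suggested above, as an added example that is not from the original article: each login attempt becomes a structured log line, and a sliding window per source address flags bursts of failures or many different usernames. The thresholds, field names, class and function names, and sample addresses are assumptions chosen for illustration.

```python
import json
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed sliding window
MAX_FAILURES = 5       # assumed failures allowed per source within the window
MAX_USERNAMES = 3      # assumed distinct usernames allowed per source within the window


def clean(value, limit=64):
    """Make user-supplied text safe to log: drop control characters, cap length."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]


class LoginAttemptMonitor:
    def __init__(self):
        self.failures = defaultdict(deque)  # source IP -> deque of (timestamp, username)

    def record(self, ts, source_ip, username, success):
        """Return (json_log_line, alerts) for one login attempt."""
        username = clean(username)
        alerts = []
        if not success:
            recent = self.failures[source_ip]
            recent.append((ts, username))
            while recent and ts - recent[0][0] > WINDOW_SECONDS:
                recent.popleft()  # forget failures older than the window
            if len(recent) >= MAX_FAILURES:
                alerts.append("repeated_failures")
            if len({name for _, name in recent}) >= MAX_USERNAMES:
                alerts.append("many_usernames")
        # The submitted password is deliberately never part of the event.
        event = {"ts": ts, "event": "login_attempt", "source_ip": source_ip,
                 "username": username, "success": success, "alerts": alerts}
        return json.dumps(event), alerts


def replay(attempts):
    """Feed (ts, source_ip, username, success) tuples through a fresh monitor."""
    monitor = LoginAttemptMonitor()
    return [monitor.record(*attempt) for attempt in attempts]


# Constructed sample attempts; the addresses are reserved documentation ranges.
SAMPLE = [(1000 + 10 * i, "203.0.113.7", "alice", False) for i in range(5)] + [
    (1050, "198.51.100.9", "bob\r\nforged line", False),
    (1060, "198.51.100.9", "carol", False),
    (1070, "198.51.100.9", "dave", False),
    (2000, "203.0.113.7", "alice", True),
]
```

Calling `replay(SAMPLE)` returns one JSON log line and one alert list per attempt. In a real application the failure state would live in a shared store rather than in process memory.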
In the next part of this series, we will focus on attacks against users' accounts and how developers and application security engineers can make it difficult for malicious users to access a user's account.