Controls of App Vulnerabilities

  1. Always validate all inputs, including format checking, bounds checking, and checking against the set of acceptable values.
  2. Always configure Web Applications appropriately.
  3. Regularly patch all servers, including the Web Server, Application Server, and Database Server.
  4. Do not save your login credentials, including passwords, in the Web Browser.
  5. Do not save unnecessary information in your Web Browser.
  6. Log off immediately after the work on a Web Application is over; do not keep the session open unnecessarily for long.
  7. Use strong encryption and strong encryption keys where required; do not store the encryption keys on the Web Server.
  8. Define appropriate access rights.
  9. Ensure the Web Applications have appropriate Log Out mechanisms.
  10. Ensure that the Certificate is valid and has not expired.
  11. Implement effective Cookie Management: set Cookie time-outs, do not store passwords in a Cookie, and authenticate Cookies.
  12. Carry out regular Vulnerability Scans and Penetration Testing to understand and fix the underlying vulnerabilities.
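The cookie-management control above (Cookie time-outs, no passwords in a Cookie, authenticated Cookies) shown as working code. This is an added example, not code from the original page: the secret key, the 15-minute lifetime, the cookie name `session` and the claim names `uid`/`exp` are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example key. In production load it from a secrets store,
# never from a file on the Web Server (see the key-storage control above).
SECRET_KEY = b"constructed-example-key-do-not-reuse"
COOKIE_LIFETIME_SECONDS = 15 * 60  # assumed session time-out: 15 minutes


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, keyed with the server secret."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def make_session_cookie(user_id: str, now: Optional[float] = None) -> str:
    """Build a cookie carrying only a user id and an expiry, never a password."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "exp": int(now + COOKIE_LIFETIME_SECONDS)}
    payload = base64.urlsafe_b64encode(json.dumps(claims, separators=(",", ":")).encode())
    return payload.decode() + "." + _sign(payload)


def verify_session_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the cookie is authentic and unexpired, otherwise None."""
    now = time.time() if now is None else now
    try:
        payload_b64, mac = cookie.rsplit(".", 1)
    except ValueError:  # no separator: malformed cookie
        return None
    payload = payload_b64.encode()
    # Constant-time comparison so the check leaks nothing about the expected MAC.
    if not hmac.compare_digest(_sign(payload), mac):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # bad base64 or bad JSON (both are ValueError subclasses)
        return None
    if claims.get("exp", 0) <= now:
        return None  # cookie timed out
    return claims.get("uid")


def set_cookie_header(value: str) -> str:
    """Set-Cookie header with the flags a session cookie should carry."""
    return (f"session={value}; Max-Age={COOKIE_LIFETIME_SECONDS}; "
            "Path=/; Secure; HttpOnly; SameSite=Strict")
```

A modified payload, a modified MAC, or an expired timestamp all make `verify_session_cookie` return `None`, so the server never trusts identity claims it did not sign itself.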