Controls of App Vulnerabilities
- Always validate all inputs, including format checking, bounds checking, and checks against the set of acceptable values.
- Always configure Web Applications appropriately.
- Regularly patch all servers, including the Web Server, Application Server, and Database Server.
- Do not save your login credentials, including passwords, in the Web Browser.
- Do not save unnecessary information in your Web Browser.
- Log off immediately after work on a Web Application is finished; do not leave the session open unnecessarily.
- Use strong encryption and strong encryption keys where required; do not store the encryption keys on the Web Server.
- Define appropriate access rights.
- Ensure that Web Applications provide appropriate Log Out mechanisms.
- Ensure that the Certificate is valid and has not expired.
- Implement effective Cookie Management: enforce Cookie time-outs, authenticate Cookies, and never store passwords in a Cookie.
- Carry out regular Vulnerability Scans and Penetration Testing to understand and fix the underlying vulnerabilities.
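The cookie controls above (time-out, authentication, no passwords in the cookie) in working form, as an added example that is not part of the original list; the secret key, the `sign_cookie`/`verify_cookie`/`set_cookie_header` functions and the 15-minute time-out are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo value: a real key lives outside the web root, never in a cookie.
SECRET_KEY = b"constructed-demo-secret-rotate-me"
COOKIE_TTL_SECONDS = 15 * 60  # assumed session cookie time-out


def sign_cookie(user_id: str, issued_at: int, secret: bytes = SECRET_KEY) -> str:
    """Build 'user_id|issued_at|hmac'. Only an opaque identifier and a timestamp
    go into the cookie; the password never does."""
    payload = f"{user_id}|{issued_at}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cookie(cookie: str, now: int, secret: bytes = SECRET_KEY,
                  ttl: int = COOKIE_TTL_SECONDS) -> Optional[str]:
    """Return the user_id if the HMAC authenticates the cookie and it is still
    within its time-out; return None for malformed, tampered or expired cookies."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user_id, issued_at_str, tag = parts
    expected = hmac.new(secret, f"{user_id}|{issued_at_str}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        issued_at = int(issued_at_str)
    except ValueError:
        return None
    # Reject cookies that are past their time-out or claim to be issued in the future.
    if issued_at > now or now - issued_at > ttl:
        return None
    return user_id


def set_cookie_header(value: str, ttl: int = COOKIE_TTL_SECONDS) -> str:
    """Set-Cookie line: browser-side time-out (Max-Age) plus HttpOnly/Secure/SameSite
    so scripts cannot read the cookie and it only travels over HTTPS."""
    return f"session={value}; Max-Age={ttl}; Path=/; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    cookie = sign_cookie("alice", 1_000_000)
    print(set_cookie_header(cookie))
    print(verify_cookie(cookie, 1_000_000 + 60))   # alice
    print(verify_cookie(cookie, 1_000_000 + 901))  # None (expired)
```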