Web application security is a branch of Information Security that deals specifically with the security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems.
Websites, and any network to which web servers are connected, are exposed to security risks. With web and app-based applications deployed on such a large scale, security becomes a pressing concern. To address this, every application has an assigned role that supervises the activities and transactions that occur over the application.
According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:
Image Reference: https://en.wikipedia.org/wiki/Web_application_security
Best Practices Recommendation:
Secure web application development should be enhanced by applying security checkpoints and techniques at early stages of development as well as throughout the software development lifecycle. Special emphasis should be applied to the coding phase of development.
Security mechanisms to be used include threat modeling, risk analysis, static analysis, and digital signatures, among others.
This particular module is designed on the .NET Framework using C# and SQL Server. It requires the developer to keep track of every IP address that accesses the website in a table; let us name it Ip_Log. The table can consist of columns such as:
Log_Id | Ip_Address | Login_DateTime | Logout_DateTime | Browser
The above query is used to check for an IP address making repeated attempts to access your site. If an IP address has made more than 50 attempts within 10 minutes, return a status such as ‘Blocked’.
On the JavaScript front, when the response received says ‘Blocked’, hide the login panel so that malicious attempts are reduced.
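The Ip_Log table and the 50-attempts-in-10-minutes check described above, written out as a T-SQL example for SQL Server. This is an added illustration, not the author's original query; the column types, the index, the stored procedure name CheckIpStatus and the 'Allowed' status value are assumptions, while the 50-attempt threshold and 10-minute window are the values given in the text.

```sql
-- Added example (not the original author's code): the Ip_Log table from the
-- text plus the per-IP rate check. Column types are assumptions.
CREATE TABLE Ip_Log (
    Log_Id          INT IDENTITY(1,1) PRIMARY KEY,
    Ip_Address      VARCHAR(45)   NOT NULL,   -- 45 chars fits IPv6 text form
    Login_DateTime  DATETIME2     NOT NULL DEFAULT SYSUTCDATETIME(),
    Logout_DateTime DATETIME2     NULL,
    Browser         NVARCHAR(512) NULL
);

-- Index so the per-IP window count does not scan the whole log.
CREATE INDEX IX_Ip_Log_Ip_Time ON Ip_Log (Ip_Address, Login_DateTime);
GO

-- Hypothetical procedure name; the application calls it before handling a login.
CREATE PROCEDURE dbo.CheckIpStatus
    @Ip_Address VARCHAR(45),
    @Browser    NVARCHAR(512) = NULL
AS
BEGIN
    SET NOCOUNT ON;

    -- Record this access first so the current attempt is counted too.
    INSERT INTO Ip_Log (Ip_Address, Browser)
    VALUES (@Ip_Address, @Browser);

    DECLARE @Attempts INT;

    -- Count attempts from this IP in the last 10 minutes (the window from the text).
    SELECT @Attempts = COUNT(*)
    FROM Ip_Log
    WHERE Ip_Address = @Ip_Address
      AND Login_DateTime >= DATEADD(MINUTE, -10, SYSUTCDATETIME());

    -- More than 50 attempts in the window -> 'Blocked' (the status from the text),
    -- otherwise 'Allowed' (assumed name for the non-blocked case).
    SELECT CASE WHEN @Attempts > 50 THEN 'Blocked' ELSE 'Allowed' END AS [Status],
           @Attempts AS Attempts;
END
GO
```

Hiding the login panel in the browser only improves the user experience; the login handler itself should refuse to process credentials when this procedure returns 'Blocked', since a client can bypass the JavaScript check.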
Backend developer, works on C# and SQL Server, lives in Manipal, Karnataka, India.