As a developer, knowledge of web application security vulnerabilities is essential in order to build software that is both resilient to attacks and protected through a layered approach to defense. The cybersecurity landscape is constantly shifting; however, a good understanding of the most common vulnerabilities is a great place to get started with security. Before reviewing the articles below, be sure to look at 10 Most Common Security Vulnerabilities. The list that follows is a handful of articles I’ve written over the years in both my graduate and professional work. They focus on application security specifically, as well as on an understanding of the people behind such attacks.
- Hackers Motivation and Intent: This is a good overview of the various types of hackers, including their motivation to exploit vulnerabilities.
- Malicious Code Intrusion: A longer paper focusing on how malicious code intrusion has become a bigger problem in recent years. It focuses on the issues we face as we have moved to a distributed web model versus traditional desktop applications.
- Modern Application Frameworks, Legacy Browsers, and Security Implications: An overview of some of the problems introduced into modern web applications and the constant challenge with legacy browsers and security concerns.
- Web Application Database Vulnerabilities to be Aware of: A concise list of the various common vulnerabilities that exist in database systems. While many front-end developers focusing mainly on HTML and CSS do not have to be as concerned with database applications, it is worth understanding the types of issues that exist in these systems.
- SQL Injection Explained: Covered in the article above, this overview describes the process of SQL Injection with some basic example code.
- Confusion over Terminology (Vulnerabilities, Risks, Threats): The terms vulnerability, risk, and threat can often be confused by people not familiar with security principles. This short article summarizes the main differences that can easily be communicated to technical personnel.
In addition to the list above, take a few minutes and browse the various security resources available at the Open Web Application Security Project (OWASP). Specifically review the items listed under Reference. They provide good explanations of attacks, controls, vulnerabilities and other reference material. In addition to all of the above, there is a great answer posted on StackOverflow that lists what every programmer should know about security. Be sure to check this out as well. Even if you are starting out and only focusing on basic HTML, CSS and limited JavaScript, security should be something you continually build your knowledge on. It is something that is embedded in all parts of the software development life cycle and has become increasingly more essential as our applications grow in spread and complexity.