Web Application

& Security

Presented by:-
Name :- Anuj Sharma
Class :- 10th
Roll no. :- 19
Subject :- Information Technology (402)
 Content
● Introduction
● What are Web Applications ?
● Some Examples of Web Applications
● Vulnerabilities in Web Applications
● Consequences of Web Applications Security
Breaches
● Web Applications Firewall [ WAF ]
● Secure Development Lifecycle
 Introduction
Web application security is crucial due to several reasons.
Firstly, it protects sensitive user information from
unauthorized access and data breaches, maintaining user
trust and complying with privacy regulations. Secondly, it
prevents attacks like SQL injection and cross-site scripting,
safeguarding the application and its users. Additionally,
compromised web applications can lead to breaches in the
underlying infrastructure, making web application security
critical for overall network protection. By prioritizing web
application security, organizations ensure data
confidentiality, integrity, availability, and regulatory
compliance. It mitigates financial loss, maintains user
trust, and safeguards against the evolving landscape of
cyber threats.
 What are Web Application?
Web applications are software programs or
applications that are accessed and run through web
browsers. Unlike traditional desktop applications,
web applications do not require installation and
can be accessed from any device with an internet
connection.
Web applications are typically built using web
technologies such as HTML, CSS, and JavaScript,
and they interact with web servers to retrieve and
process data. They provide a user-friendly
interface for users to access and interact with
services, information, and functionalities offered
by the application.
 Some Examples of
Web Application
1.
Social media platforms are online platforms that enable users to create and share
Social Media Platform content, engage with others, and connect with a wide audience. They allow people
to communicate, share updates, photos, videos, and etc.

E-commerce is online buying and selling. It involves transactions, payments, and

2. E-Commerce digital storefronts, enabling businesses and consumers to engage in commerce

without physical limitations.

Online banking refers to the use of internet-based platforms and applications

3. Online Banking provided by banks, allowing customers to perform financial transactions, access
account information, and manage their banking activities remotely.

A gaming platform is an online service that hosts and offers a range of games for

4. Gaming Platform users to play, often with multiplayer functionality and social features, accessible
through web browsers or dedicated software.
Vulnerabilities in Web Applications

Cross-Site SQL Injection Cross-Site

Scripting Request Forgery

ClickJacking Security
Misconfiguration
 Consequences of Web Applications
Security Breaches
Data breaches refer to incidents where unauthorized individuals gain access to

1. Data breaches and loss of

sensitive information
sensitive information, such as personal or financial data. This can result in the
loss, theft, or exposure of private information, leading to potential misuse, identity
theft, or financial harm for individuals or organizations affected.

Financial losses and fraud occur when individuals or organizations experience

2. Financial loss and fraud

monetary damages due to fraudulent activities, such as unauthorized
transactions, identity theft, or manipulation of financial data, resulting in financial
harm and potential legal consequences.

Damage to reputation and customer trust happens when a business or

3. Damage to reputation and

customer trust
individual's actions or security breaches result in negative public perception, loss
of credibility, and diminished trust from customers, potentially leading to reduced
customer loyalty and financial impact.

Legal and regulatory consequences involve penalties and liabilities faced by

4. Legal and regulatory

consequences
individuals or organizations for violating laws or regulations, potentially leading to
fines, legal actions, reputational harm, and other legal repercussions.
 Web Application
Firewall [ WAF ]
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to
the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of
policies that help determine what traffic is malicious and what traffic is safe. Let’s see how does it actually
works :-

Valid Request

Malicious Request
Web Application Destination Server
Firewall

Valid Request
 Secure Development Lifecycle
Requirements and Design
Incorporating security requirements and
1 considerations into the software design
phase, including threat modeling and risk
Secure Coding analysis.
Applying secure coding practices, such as 2
input validation, output encoding, proper
error handling, and secure configuration. Testing quality and assurance
3 Conducting various security tests,
Deployment and Maintenance including vulnerability scanning,
penetration testing, and code review, to
Ensuring secure deployment and identify and address security weaknesses.
4
configuration of the software in production
environments, as well as maintaining security
through timely updates and patches. Security Incident Response
Establishing processes and procedures to
5
handle security incidents, including
detection, containment, eradication, and
recovery.
 References
● TechTarget -
https://www.techtarget.com/
● StackPath -
https://www.stackpath.com/
● Relevant Software -
https://relevant.software/
● Check Point -
https://www.checkpoint.com/