Design, Development, and Testing of Web Applications: Security Aspects

Copyright: © 2023 |Pages: 22
DOI: 10.4018/978-1-6684-6914-9.ch006

Abstract

Today, with the changes and developments in software technology, web applications have gained an important place and are actively used in many sectors. Because web applications require no installation cost and are easily accessible and operable, their usage has increased in recent years, and this makes them a target for attackers. Cyber attacks block services and cause financial and reputational damage as well as data privacy violations. This study explains web applications, the vulnerabilities that threaten software security, and the measures that can be taken against those vulnerabilities. In particular, security threats to web applications, security principles, secure software development life cycles, test tools, and the hardware and software products used for security are examined. In addition, SAMM and BSIMM, the maturity models used in secure software development, are discussed.
Chapter Preview

Web Applications

The literature and the news show that web applications are inherently exposed to cyber threats. The security vulnerabilities of existing web applications must therefore be identified and closed with appropriate measures, and future web applications must be built using secure application development practices from the start.

A web client is a program that lets users access web services; the content it receives is processed and displayed according to the HyperText Markup Language (HTML) standard. The best-known web clients are web browsers such as Google Chrome, Internet Explorer, and Mozilla Firefox. The web server, in turn, processes the Hypertext Transfer Protocol (HTTP) requests sent by web clients and returns an HTTP response to each one. HTTP is the protocol used to transport information on the web and is how clients reach web applications: the client sends its request over HTTP, the server answers over HTTP, and everything the application exposes is reached through the web server in this way. The content a web server sends to clients is of two kinds, static and dynamic. Static content is a page stored on the web server that is delivered to the user exactly as it is; it does not change according to the user's request, so the prepared HTML page is shown to the user directly. Dynamic content, by contrast, is generated by the application at request time, typically from data the client supplies.
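The request/response exchange just described, with a static page and a dynamic page side by side, as an added example (this is not code from the chapter). It assumes two routes, /about and /hello, and a name query parameter; the two sample requests are constructed, not captured from a real browser. The security point it makes is the one the chapter's treatment of vulnerabilities turns on: dynamic content is built from client-controlled input, so that input must be escaped before it is placed in HTML.

```python
"""Minimal HTTP request/response exchange: static vs dynamic content.

Added example; not code from the chapter. The routes, the ``name``
query parameter and the sample requests below are assumptions made
for illustration only.
"""
from html import escape
from urllib.parse import urlsplit, parse_qs


# A page stored on the server and served unchanged (static content).
STATIC_PAGE = "<html><body><h1>About us</h1></body></html>"


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers of one HTTP/1.1 request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return {
        "method": method,
        "path": parts.path,
        "query": parse_qs(parts.query),
        "version": version,
        "headers": headers,
        "body": body,
    }


def render_static() -> str:
    """Static content: the stored page is returned exactly as it is."""
    return STATIC_PAGE


def render_greeting(query: dict) -> str:
    """Dynamic content: the page is built per request from client input.

    The client controls ``name``, so it is HTML-escaped before being
    placed in the page; without that step a value such as
    ``<script>...</script>`` would be reflected back as live markup.
    """
    name = query.get("name", ["guest"])[0]
    return f"<html><body><p>Hello, {escape(name)}!</p></body></html>"


def build_response(status: int, reason: str, html: str) -> bytes:
    """Serialise one HTTP/1.1 response with a correct Content-Length."""
    body = html.encode("utf-8")
    headers = (
        f"HTTP/1.1 {status} {reason}\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return headers.encode("ascii") + body


def handle(raw: bytes) -> bytes:
    """Dispatch one request: static for /about, dynamic for /hello."""
    req = parse_request(raw)
    if req["method"] != "GET":
        return build_response(405, "Method Not Allowed", "<p>GET only</p>")
    if req["path"] == "/about":
        return build_response(200, "OK", render_static())
    if req["path"] == "/hello":
        return build_response(200, "OK", render_greeting(req["query"]))
    return build_response(404, "Not Found", "<p>no such page</p>")


# Constructed sample requests, shaped as a browser would send them.
STATIC_REQUEST = b"GET /about HTTP/1.1\r\nHost: example.test\r\n\r\n"
DYNAMIC_REQUEST = (
    b"GET /hello?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
    b"Host: example.test\r\n\r\n"
)

if __name__ == "__main__":
    print(handle(STATIC_REQUEST).decode())
    print(handle(DYNAMIC_REQUEST).decode())
```

Running the file prints both exchanges: the /about response carries the stored page byte for byte, while the /hello response shows the script tag from the query string neutralised as `&lt;script&gt;`. Removing the `escape()` call in `render_greeting` is the whole difference between a dynamic page and a reflected cross-site scripting bug, which is why the measures discussed later in the chapter concentrate on what happens to client input between the request and the response.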

Key Terms in this Chapter

Capability Maturity Model: A framework of defined maturity levels used to assess, develop, and refine an organization's software development process.

Fuzzing: In software development, fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The aim is to detect bugs automatically.

Cyber Threat: A malicious act performed with the aim of damaging or stealing data, or of disrupting computer systems and the services that depend on them.

Software Development Life Cycle: The structured process by which software is built, covering requirements, design, implementation, testing, deployment, and maintenance; a secure life cycle adds security activities to each of these phases.

Web Application: An application program that is stored on a remote server and delivered over the Internet to users through a web browser.
