A Complete Strategy For Web Application Security

This paper is intent to develop a complete strategy to secure Web applications. The strategy is intended to improve the practices of the professionals associated with the development and operations of Web applications. Web application security is about protecting confidentiality, integrity, and availability of an organization’s Web assets as well as the organization’s reputation. The solution to Web application security is more than technology. It also involves policies, procedures, laws, people, and practices. Also, security is not a one-time effort. It should be an ongoing process integrated into the application development lifecycle. Security, like other Web application components, is best managed if planned at the initial phase of the application lifecycle. This strategy will help project managers and security professionals establish security policies, conduct risk assessment, and address potential risks in a cost-effective manner. It ensures system architects design secure application infrastructure. It makes sure application P ge 1.23.1 Proceedings of the 2005 American Society for Engineering Education Annual Conference & Exposition Copyright © 2005, American Society for Engineering Education developers write secure code. It helps security professionals conduct security review in a timely basis. It also enables system administrators to secure Web applications across the multiple layers of the application infrastructure. The ultimate goal of this strategy is to protect Web applications in a proactive, systematic, and holistic way.