Basefarm Blog

7 steps for more secure web applications

The protection of your web application should be on the agenda from the first line of code, and it is key to the functional and secure operation of the application in the future. We recommend Detectify, who have helped Facebook, Google, PayPal, Dropbox and many others, and here we outline what you need to do to improve the security of your applications.

We at Basefarm focus on the secure operation of mission-critical applications, where security is naturally of great importance. To help our customers get the best solution, we advise on how to incorporate security already in the development phase, long before applications are launched.

We believe there is no contradiction between fast development and high security. In cooperation with Detectify, we provide a thorough security check to reveal code vulnerabilities before they are discovered by hackers.

Detectify provides an online security scanner that automatically tests your web applications for 700+ vulnerabilities. The scanner is an easy-to-use tool for CSOs, CISOs, CIOs, CTOs, security engineers and developers, including those working in a DevOps setting.

Detectify was born from the simple idea that the internet was broken. The company’s founders, a team of top-ranked security experts, are on a mission to fix it.

“Security is not an afterthought, it should be considered from the first line of code. The best way to improve your security is to integrate it into your development process,” says Fredrik Nordberg Almroth, Detectify co-founder and security researcher.

As to systems already up and running, Almroth points out that understanding your web application’s security status is crucial. “The only vulnerabilities you can fix are those you are aware of. Working proactively with security and running scans on a regular basis will help you get secure and learn to write safer code,” he says.

These 7 steps can improve the security of your web applications. Some of them might sound simple; that makes them feasible, which is good.

1. Prepare and do internal security chats.

Talk about security in a way that everyone in the organization understands. For non-IT colleagues, point out how good security can keep you ahead of competitors, increase customer loyalty and avoid negative PR induced by hackers. For the IT team show how security can be practically integrated into developer routines including sprints and agile work.

2. Have recurring reviews of security tools needs.

Go over your entire IT infrastructure and reconsider what kinds of facilities and services you need and how these fit your internal processes.

3. Implement a web application security monitoring service.

Use it during the development process and on a continuous basis once the application is up and running.

4. Plan and prioritize.

Map out your priorities before you run a security test. You will probably prioritize an e-commerce website that processes payments rather than your online store’s blog.

5. Interpret the results.

Detectify provides you with a threat score between 1 and 10 based on the standardized vulnerability scoring system CVSS. A high score signals an urgent need for fixing. Your findings will be divided into several parts colored green, yellow and red according to severity. Don’t get too nervous: go ahead and fix what you can, and consult a Basefarm expert.

6. Make security a routine and not a one-off affair.

Security can easily be something “extra” which can be hard to prioritize. Turn your next web application development project into a security lighthouse project and establish a security culture for future and existing projects also.

7. Share with those who need to know.

Share results and best practices with your security team so the results won’t be wasted, and keep your findings away from those who do not need to know.

We look forward to a more secure world where web applications are protected and prepared for hacker attacks.


Cybersecurity Updates For Week 17 of 2022

April 29, 2022/in Security blog /by Sjir Bagmeijer

New Nimbuspwn Linux vulnerability gives hackers root privileges
A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.
Read more: https://www.bleepingcomputer.com/news/security/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub […]

Cybersecurity Updates For Week 16 of 2022

April 22, 2022/in Security blog /by Sjir Bagmeijer

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities
Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops which affected hundreds of Lenovo models including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.
Read more: https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever
A pair […]

Cybersecurity Updates For Week 15 of 2022

April 15, 2022/in Security blog /by Sjir Bagmeijer

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others.
Read more: https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html

Menswear Brand Zegna Reveals Ransomware […]

Cybersecurity Updates For Week 14 of 2022

April 8, 2022/in Security blog /by Sjir Bagmeijer

Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
Cado Labs routinely analyses cloud environments to look for the latest threats. As part of ongoing research, we found the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment.
Read more: https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and […]

Cybersecurity Updates For Week 13 of 2022

April 1, 2022/in Security blog /by Sjir Bagmeijer

Spring Core on JDK9+ is vulnerable to remote code execution
Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available. As we have remediation advice for customers (see below), we […]

Cybersecurity Updates For Week 12 of 2022

March 25, 2022/in Security blog /by Sjir Bagmeijer

Okta’s Investigation of the January 2022 Compromise
On March 22, 2022, nearly 24 hours ago, a number of screenshots were published online that were taken from a computer used by one of Okta’s third-party customer support engineers.
Read more: https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code
Microsoft has confirmed that […]

Cybersecurity Updates For Week 11 of 2022

March 18, 2022/in Security blog /by Sjir Bagmeijer

High-Severity DoS Vulnerability Patched in OpenSSL
OpenSSL updates announced on Tuesday patch a high-severity denial-of-service (DoS) vulnerability related to certificate parsing.
Read more: https://www.securityweek.com/high-severity-dos-vulnerability-patched-openssl

CISOs face ‘perfect storm’ of ransomware and state-supported cybercrime
With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today’s chief information […]

Cybersecurity Updates For Week 10 of 2022

March 11, 2022/in Security blog /by Sjir Bagmeijer

Intel and Arm CPUs have a major security flaw
A new Spectre class speculative execution vulnerability, called Branch History Injection (BHI) or Spectre-BHB, was jointly disclosed on Tuesday by VUSec security research group and Intel.
Read more: https://www.techspot.com/news/93706-arm-intel-cpus-vulnerable-new-spectre-style-attack.html

Microsoft tests new cloud-based Microsoft Defender for home users
Microsoft has announced that the company’s new cloud-based […]

Cybersecurity Updates For Week 9 of 2022

March 4, 2022/in Security blog /by Sjir Bagmeijer

DORA’s Global Reach and Why Enterprises Need to Prepare
A new cybersecurity regulation is coming to the European financial services sector, and its authority will be felt worldwide.
Read more: https://www.darkreading.com/risk/dora-s-global-reach-and-why-enterprises-need-to-prepare

Shadowserver Special Reports – Cyclops Blink
On 2022-03-03 we sent out a second special report with an additional 673 IPs likely infected with Cyclops […]

Cybersecurity Updates For Week 8 of 2022

February 25, 2022/in Security blog /by Sjir Bagmeijer

New Data-Wiping Malware Discovered on Systems in Ukraine
Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.
Read more: https://www.darkreading.com/attacks-breaches/new-data-wiping-malware-discovered-on-systems-in-ukraine

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its […]
