Figure 1. Report on the risk of Web attacks
Web application security solutions provide better support for the following:
+ Minimizing attacks on applications through a dedicated web application protection device (Web Application Firewall).
+ Focusing on developing and building web applications in accordance with Web 2.0 standards and the highest web security criteria (PCI DSS, OWASP, ...).
+ The ability to monitor and prevent attacks in depth and in a focused way.
+ Improving the performance of the system and maximizing the security features of each device in the system.
Need application security?
Worldwide, web application security projects in e-commerce have been developing for over 2 years, and many solutions to this problem exist. In addition, some organizations regularly analyze, evaluate and publish the latest security criteria. One example is OWASP (Open Web Application Security Project), a non-profit organization that provides the community with information about the risks arising in web applications.
In Vietnam, businesses still do not have a clear understanding of the potential risks in web applications. We have still not identified the risks and errors on websites that lead to the threat of network attacks.
Enterprises that are aiming for e-commerce or web-based applications need to strengthen the security requirements for those applications, and should learn about security issues when building them. For example: using NoSQL in place of traditional SQL, which has become 'outdated' and carries many risks; using open source tools such as Metasploit, SQLmap, Firecat, ... to check and evaluate vulnerabilities in the network.
Develop system risk assessment forms (refer to the OWASP, WASC, ... security standards) to classify risks, so that specific actions can be taken when incidents occur. If possible, use a professional PenTest (system safety survey) service to limit the risk of an external attack.
In addition, businesses should organize short-term and long-term courses on information security to raise employees' security awareness. Actively explore security processes and standards such as ISO 27000, 27001, ... Work with programmers to review and adjust applications, upgrade the system, and conduct a system survey (audit) annually to assess the status of the application.
Information security requires individuals, organizations and businesses to improve and develop continuously. Web applications provide users and businesses with many utilities, but they have also become an environment for 'profiteering' hackers. Before deploying business applications, businesses need to pay attention to the security of their web applications.