White Paper

Basics of web security

The process of securing modern web applications is a comprehensive exercise with various dimensions. Platform security is a quintessential necessity that helps organizations earn and retain customers’ trust. In this whitepaper, we discuss the key aspects of basic web security.

Tenets of web security

In this section, we discuss the key tenets of web security. For each tenet, we cover checklists, best practices, and common anti-patterns.

Authentication and Authorization

Authenticating the user is the start of the security journey. Based on the security needs of the web application, we can implement further security measures. Given below are the main best practices in authentication and authorization:

  • Implement stateless and token-based authentication for modern web applications. We can employ OAuth protocols for authentication.
  • Design and implement account management policies such as strong password policies, multi-factor authentication and time-based OTPs for sensitive functions, federated identity management, and social login (login through Google, Apple, or Facebook).
  • Support open standards such as SAML (Security Assertion Markup Language) and OIDC (OpenID Connect) for federated authentication.
  • Employ strong cryptographic standards for sensitive data management.
  • Encrypt data at rest and in transit. We can encrypt data at rest using strong cryptographic methods such as SHA-256 based encryption and we can use TLS 1.2 for transport level security.
  • Audit authentication and authorization activities such as password change attempts, login/logout events and others.
  • Design and implement role-based authorization and method level security.
  • Design the single-sign-on (SSO) for various enterprise applications to provide a seamless user experience.
  • Follow the principle of least privilege and layered security at each solution layer.
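
Three of the practices above (stateless token-based authentication, role-based method-level authorization, and auditing of authorization decisions) fit together as in the following sketch. It is an added example, not code from the white paper: the names `issue_token`, `verify_token`, `require_role`, `reset_password`, `SECRET` and `AUDIT_LOG` are hypothetical, and a minimal HMAC-signed token stands in for a standards-based token format.

```python
import base64, hashlib, hmac, json, time
from functools import wraps

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
AUDIT_LOG = []                    # stand-in for an append-only audit sink

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, roles: list, ttl: int = 300, now: float = None) -> str:
    """Return 'payload.signature'; the server keeps no session state."""
    now = time.time() if now is None else now
    payload = _b64(json.dumps({"sub": user, "roles": roles, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def verify_token(token: str, now: float = None):
    """Return the claims dict, or None if the token is malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def require_role(role: str):
    """Method-level authorization: deny by default and audit every decision."""
    def decorator(func):
        @wraps(func)
        def wrapper(token, *args, **kwargs):
            claims = verify_token(token)
            allowed = claims is not None and role in claims.get("roles", [])
            AUDIT_LOG.append({"action": func.__name__, "allowed": allowed,
                              "user": claims["sub"] if claims else None})
            if not allowed:
                raise PermissionError(f"{func.__name__} requires role {role!r}")
            return func(claims, *args, **kwargs)
        return wrapper
    return decorator

@require_role("admin")
def reset_password(claims, target: str) -> str:
    return f"{claims['sub']} reset password for {target}"
```

Roles are read only from claims whose signature has already been verified, so a client cannot grant itself a role by editing the payload, and denied calls are audited as well as permitted ones.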
