The use of web applications has increased significantly as organizations try to find innovative ways to interact with users and customers. The increasing number of computer break-ins, the amount of critical data captured, processed, stored and transmitted across networks, and the rules concerning privacy and protection of personal information require effective controls for managing and administering network security and applications. Management has a responsibility to ensure that users are aware of the latest web application security vulnerabilities, verify that web developers are using secure coding techniques, securely configure web servers, periodically monitor the effectiveness of web application security processes and controls, and verify that user access to the web application is appropriate. It is critical that web applications are secure from the latest web application and web server security vulnerabilities and that only authorized individuals have access to the application.
Create a process to scan web applications or perform code reviews periodically to identify vulnerabilities and errors in code, followed by appropriate resolution of any confirmed vulnerabilities and errors. The Open Web Application Security Project (OWASP) is an excellent resource focused on improving the security of software. Visit their site at https://www.owasp.org.