Safety of Web Applications

Safety of Web Applications: Risks, Encryption and Handling Vulnerabilities with PHP explores many areas that can help computer science students and developers integrate security into their applications. The Internet is not secure, but it's very friendly as a tool for storing and manipulating data. Customer confidence in Internet software is based on it's ability to prevent damage and attacks, but secure software is complicated, depending on several factors, including good risk estimation, good code architecture, cyphering, web server configuration, coding to prevent the most common attacks, and identification and rights allocation.

• Helps computer science students and developers integrate security into their applications
• Includes sections on risk estimate, MVC modeling, the cyphering (certificates, bi-keys, https protocol)

Junior developers, computer science students

1: Why Do Web Applications Need to be Secure?

• Abstract
• 1.1 What is a web application?
• 1.2 What is computer security?
• 1.3 Examples of damage caused by security failures

2: Estimating Risk

• Abstract
• 2.1 What is risk?
• 2.2 How can we protect ourselves from risk?
• 2.3 Determining the target
• 2.4 Determining the impact
• 2.5 Which causes or scenarios should be considered?
• 2.6 How should this study be performed in a company setting?

3: Encryption and Web Server Configuration

• Abstract
• 3.1 Examples of different web servers
• 3.2 Introduction to concepts in encryption
• 3.3 Generating and managing encryption certificates
• 3.4 Implementing the HTTPS protocol
• 3.5 Improving the security of the Apache server
• 3.6 In summary

4: Threats and Protecting Against Them

• Abstract
• 4.1 The threats associated with web-based environments
• 4.2 The top 10 most frequent attacks in 2013
• 4.3 Other countermeasures
• 4.4 Implementing a resource controller

5: Managing User Logins and Assigning Permissions

• Abstract
• 5.1 Managing user logins
• 5.2 Managing permissions
• 5.3 In summary

6: Using the MVC Model to Structure the Application

• Abstract
• 6.1 Why does the application structure matter?
• 6.2 What is the MVC model?
• 6.3 Conclusion

7: Implementing a Suitable Technical Platform and Testing the Application

• Abstract
• 7.1 Designing a suitable technical architecture
• 7.2 Testing the security of the application
• 7.3 What options do we have if implementing security measures for an application seems an impossible task?