When developing web applications, one of the first tasks to appear in the backlog is making the application secure. This is easily explained: a web application exposes data to the whole world, and anyone can reach it within moments over the Internet. There is little to think about when the application is a simple set of public static pages whose data is meant for everyone. But as soon as access to particular resources has to be limited to some group of people, or the data the application exposes is highly sensitive and private, security becomes a top priority of the implementation.
The most familiar and widely used approach to securing a web application is the so-called "login page", where the user enters a login and password to establish their identity. Based on that identity, the user may or may not be authorized to access certain resources or data. This security paradigm is straightforward, it has a long history, and there are many frameworks for different programming languages that make it easy to add login-password authentication to a web application.
However, the topic of web application security goes far deeper than simple authentication. There are many aspects to consider when building truly secure systems, and in this article I would like to highlight them by reviewing OWASP (the Open Web Application Security Project) and its Top 10, the list of the most critical and widespread web application security vulnerabilities that the project describes.