The document outlines essential strategies for securing web applications, highlighting the increasing vulnerability of web apps to cyber threats, which are projected to cost the global economy $10.5 trillion by 2025. It provides a checklist of nine practical tips including using web application scanners, strong passwords, secure web server configurations, and regular vulnerability testing to mitigate risks. Emphasizing proactive measures, the document suggests engaging with expert developers to implement these security practices effectively.

1. Quick Code
How to Secure Web Apps — A Web App
Security Checklist
Ajay Kapoor Follow
Aug 26, 2021 · 6 min read
These days, web apps are increasingly becoming integral to our lives as they are used
everywhere in the world. However, they often lack the kind of protection that
traditional software and operating systems have, making them vulnerable to both
Open in app Get started

2. internal and external sources.
As per Cyber Security crimes, the rate of cybercrimes is to cost the world $10.5 trillion
by 2025. The rise of ransomware, XSS attacks have become a nightmare for established
business enterprises worldwide. However, with the right strategy, you can e몭ectively
escape cyber threats.
Do you know the most concerning cyber threats?
Here’s what the experts feel.
Source: Statista
The rise of cyber threats has made web app security increasingly important, especially
since some of the most well-known institutions in the world have been breached at one
point or another because of their security 몭aws.

3. Here are the Top 9 Tips on Making your Web App Safe and Secured:
1) Web Application Scanners
Web application scanners test your sites for various vulnerabilities, such as SQL
injection or cross-site scripting (XSS). A more advanced tool used by web developers
to check out is a Burp Suite, which o몭ers a broader range of testing features and takes
more time to master than more straightforward tools.
If you’re building an e-commerce site, make sure that you always run it through at least
one type of scanner before going live. Some systems will automatically perform these
scans when you update them and alert you if they 몭nd any problems — so make sure
those are turned on!
Scanning tools aren’t perfect; they occasionally return false positives or report issues
that are harmless — be vigilant in double-checking their 몭ndings before taking action
based on them!
2) Don’t Use Easy-to-guess Passwords
Most people are familiar with using some variation of their name, birthday, or favorite
sports team to create a password they won’t forget — but those passwords are also
likely to be stolen by hackers.
Hackers’ most common trick is to access user databases full of clear-text passwords (in
other words, not scrambled) that can then be used for malicious purposes like identity
theft or distributed denial-of-service attacks.

4. Source: Statista Data Breaches
They can easily decode these passwords from usernames because many people use
easy-to-guess combinations like admin, password, or 12345. The best way to avoid
being part of that statistic is by choosing strong passphrases instead: sentences or
poems that you can remember but aren’t easy for others to guess.
3) Use Subdomains Instead of Host Names
You can’t eliminate security risks, but you can make yourself a more challenging target
to hit by using subdomains instead of hostnames to separate your work and personal
life on a single device or server.
4) Disable Integrated Windows Authentication (IWA)
Integrated Windows Authentication is a Microsoft network protocol that uses either
clear-text passwords or encryption challenge/response authentication over TCP port
139 to authenticate users when logging on to servers.
It gets enabled by default in Internet Information Services (IIS) 6 but can be disabled
via IIS Manager or Windows Registry Editor if desired by an administrator or system
owner.

5. Disabling IWA is typically done to avoid exposing users’ usernames and passwords over
a network connection. However, it also disables NTLM authentication, which can be an
issue if you have non-Microsoft clients connecting to your server with legacy operating
systems like Windows 95, 98, etc.
Apple computers were running Mac OS X version 10.3 or earlier before Kerberos
supported Mac OS X.
5) Set up a CAPTCHA
CAPTCHA simply stands for Completely Automated Public Turing test to tell Computers
and Humans Apart (sometimes called a human veri몭cation system). CAPTCHA is
generally used on a website to verify that you are human. Still, it has many other uses in
computing, such as password recovery, computer logins, user authentication, making
forms accessible to adaptive technology software like screen readers (software that
reads text on screen).
Or keyboard-only navigation interfaces, preventing automated spam submission on
webmail services. The list goes on! It’s a handy tool when dealing with potentially
problematic automatic input from users.
6) Test your Site Regularly for Vulnerabilities
Cookies are typically used to store session information or shopping cart data. But
keeping sensitive information such as passwords, credit card numbers, social security
numbers in cookies is very risky.
It can be easily captured through various means (including browser malware) or even

6. inadvertently disclosed in log 몭les that are often stored on a server, along with cookies
that are not automatically cleared between sessions.
Instead, you should consider using some form of database storage to save session data
that will help minimize potential exposure if someone happens to access it
inappropriately. For example, some browsers support SQLite databases, which can be
used in place of cookies if properly con몭gured.
7) Implement Secure Web Server Con몭guration Settings
The Apache HTTP Server is responsible for hosting almost two-thirds of websites on the
Internet today, making it one of the most famous pieces of software in history.
That also means more people use it than ever before to test new, vulnerable code —
code that blackhats can exploit. These malicious hackers create viruses to steal 몭nancial
data from unsuspecting victims or plant malware on servers that infect thousands of
others via email or downloads.
Keeping Apache secure is a must if you plan to run a website with sensitive information
on it. Here are some con몭guration changes you can make to increase security.
8) Avoid Putting Sensitive Data in Cookies

7. Cookies are supposed to be tiny bits of information that websites use to keep track of
information for things like logged-in users or a user’s shopping cart on an eCommerce
site. However, if you’re working with sensitive data like usernames or passwords,
storing it in a cookie is very risky.
If someone steals your cookies from one site, they could use them to access other parts
of your sites as well. Make sure any sensitive data is encrypted before storing it in a
cookie so that anyone else can’t read it even if they steal it from you. Alternatively, store
that information in a database instead so that there’s no risk of getting it stolen.
Cookie theft is a signi몭cant concern in e-commerce, especially since cookies are easily
read by sni몭ng tra몭c and can easily get stolen over an unencrypted Wi-Fi connection.
They are used to hold vulnerable encrypted credentials if your site isn’t served over
SSL/TLS or if encryption keys have been stored in clear text inside of them — not good!
If you’re looking for a quick way to make your cookies more secure, ensure they don’t
contain any sensitive data, like credit card numbers or passwords.
9) Keep Testing while Deploying Updates
Regularly creating and executing penetration tests will help you identify vulnerabilities
in your code that hackers could exploit. Penetration testing simulates real-world
attacks to see how far an intruder can get into a system.
In addition, manual pen tests may not reveal speci몭c design or architecture 몭aws that
automated tools can detect. If you don’t 몭x these 몭aws, they could enable intruders to
breach a network or conduct malware attacks on web application users. Testing after
deployment also helps ensure that new code doesn’t create more vulnerabilities than
patches.
Every time you add functionality to a program, it opens up security holes, so thorough
testing is crucial to ensuring integrity while updating applications.

8. Wrapping Up
It’s better to take precautions than to feel sorry later. Implement the top tips listed
above with the help of a leading web development company in India.
Sign up for Developer Updates
By Quick Code
Receive weekly updates about new posts on programming, development, data science, web
development and more Take a look.
Get this newsletter
By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information
about our privacy practices.
Web Development Web Website Design Web Design Security
Your email

9. WRITTEN BY
Ajay Kapoor Follow
Hey, I’m Ajay, a tech blogger working with PixelCrayons who loves to share his extensive tech-related
knowledge with like-minded people.
Quick Code Follow
Find the best tutorials and courses for the web, mobile, chatbot, AR/VR development, database
management, data science, web design and cryptocurrency. Practice in JavaScript, Java, Python, R,
Android, Swift, Objective-C, React, Node Js, Ember, C++, SQL & more.
More From Medium
6 Niche search engines you can explore
Techpremiumdomains
USDT CryptoFarm (05/19/2021)—Earn 8% Expected
Annualized Return
OceanEx Official
Australian Crypto Rules Will Usher in Monetary
Overhaul
Daysofcrypto
Just finished Defcon 2017!
Serge Romero
XSL Labs | DID
XSL Labs
Upcoming NFTs and 250,000 $HOPR Treasure Hunt
Rik Krieger in HOPR
Home Networking: Enable Pi-Hole On Asus Routers
Ali Bahraminezhad
29

10. EOSIO Weekly Update w/ Corey Cottrell & Jimmy D
(3.4.2021)
Jimmy D
About Write Help Legal
Get the Medium app