chapter one

1 On web application security

 

This chapter covers:

  • Why web application security is important;
  • ASP.NET Core offerings for creating web applications and APIs;
  • Which parts of an application are at risk, and why;
  • What to expect from this book.

Nine out of ten web applications have security vulnerabilities. This is the rather frightening result of a study[1] released in 2020 by Positive Technologies, a provider of various security solutions. Obviously, such results can often be biased towards the business model of those who conduct the studies, but several other studies from previous years yielded similar outcomes. Here’s a report about one study from 2009: https://www.darkreading.com/risk/majority-of-web-apps-have-severe-vulnerabilities.

The study also found that about four out of five web application vulnerabilities are part of the code rather than, say, the server configuration. From this, we can deduce two trends:

  • The major security risk for a web application is the code it is made of.
  • The problem is industry-wide, and the situation does not seem to be getting better.

Often, a lack of security does not immediately show—until it’s too late and a web application has been successfully hacked. It is therefore mandatory to make web application security a top priority and to use security best practices from the very beginning of a project.

1.1 ASP.NET Core: History and Options

1.1.1 ASP.NET Core Version History

1.1.2 MVC

1.1.3 Razor Pages

1.1.4 Web API

1.1.5 Blazor

1.1.6 ASP.NET Options for .NET Framework

1.2 Identifying and Mitigating Threats

1.2.1 Web Application Components

1.2.2 Defense in Depth

1.3 Security-Related APIs

1.4 Security is Important

1.5 Summary