Secure User Interface

The challenge with Web applications is that you want users to come to your site and interact with the application. If a user makes unexpected entries (such as script commands) that the application does not handle correctly, an attacker can cause the server or the client browser to perform unintended actions.

Therefore, the first guideline for developing a secure Web application is: Never trust any information coming from the outside, and never assume anything about it. Every security decision must rest on the assumption that anything that can theoretically be manipulated by someone or something will actually be manipulated. For example, if an attacker submits entries such as manipulated SQL statements and the application passes them to the database without filtering or parameterizing them, he or she can gain access to the internal database (SQL Code Injection).
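The following is an added illustration of the guideline above, not code from SAP or from this documentation. It uses Python's built-in sqlite3 module with a constructed in-memory table and constructed input values: one function concatenates the untrusted entry into the SQL text (the defect the text describes), the other binds it as a parameter and additionally checks it against an allow-list pattern before it reaches the database. The table, column and user names are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data; not taken from any real application.
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allow-list for a login name: the application decides what is valid,
# instead of trying to guess what an attacker might send.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def is_valid_name(name):
    """Return True only if the entry matches the allow-list pattern."""
    return bool(NAME_PATTERN.match(name))


def find_user_unsafe(conn, name):
    """Vulnerable variant: the outside value becomes part of the SQL text,
    so quote characters in it change the meaning of the statement."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Hardened variant: validate first, then bind the value as a parameter.
    A bound parameter is always treated as data, never as SQL syntax."""
    if not is_valid_name(name):
        return []
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both variants on a benign entry and on a manipulated one."""
    conn = make_db()
    benign = "alice"
    # Constructed example of a manipulated entry as described in the text:
    # a quote followed by an always-true condition.
    manipulated = "x' OR '1'='1"
    return {
        "unsafe_benign": find_user_unsafe(conn, benign),
        "unsafe_manipulated": find_user_unsafe(conn, manipulated),
        "safe_benign": find_user_safe(conn, benign),
        "safe_manipulated": find_user_safe(conn, manipulated),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the benign entry both variants return the single matching row. With the manipulated entry the concatenating variant returns every row in the table, because the entry rewrote the WHERE clause; the parameterized variant returns nothing, and the allow-list check would have rejected the entry even before the query was built. The two defenses are independent: parameter binding is what prevents the injection, and the allow-list limits what the application accepts at all.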

The following sections describe examples of different vulnerabilities in Web applications and explain how to prevent them through secure programming.