Top 10 ways to secure your SaaS application

September 30, 2013 By David

Grazed from ThoughtsOnCloud. Author: Abhi Deshmukh.

Did you know that the latest IBM 2013 Cyber Security Intelligence Index study indicates that an average organization sustains about 1,400 security events per week, such as SQL injection, spear phishing and URL tampering? In addition, a recent study by Gartner indicates that most software as a service (SaaS) contracts do not adequately cover security aspects of the service.

If you are a SaaS provider, you will need to check whether your development team has implemented secure engineering practices in the design and code. I’d like to share a list of the top 10 security issues that you should address to make sure your SaaS application is secure. This list has been curated by the Open Web Application Security Project (OWASP). The 2013 list includes the top 10 widespread security vulnerabilities that most web applications face. The following is a brief listing of the top 10 security issues (by OWASP) that your SaaS offering should address:

  • SQL, operating system or LDAP injection
  • Insecure authentication and session management
  • Cross-site scripting because of lack of data validation
  • Insecure exposure to references like files and directories
  • Incorrectly configured (from a security perspective) databases, middleware and operating systems
  • Exposing sensitive data like user IDs, passwords and personal identification information
  • Checking for access inside the business logic on the server side
  • Cross-site request forgery
  • Using components with known vulnerabilities
  • Unvalidated redirects and forwards…

Read more from the source @ http://thoughtsoncloud.com/index.php/2013/09/top-10-ways-to-secure-your-saas-application/