Are you only protecting your backend?
Web applications are client-server apps: part of the work happens in the browser (the front end) and part on servers (the back end). Because the servers sit inside your infrastructure, process transactions and hold high-value data such as usernames, passwords and the usage data the application collects, they are obvious targets for attackers.
To protect your business, data and customers, you have probably already deployed traditional application security tooling on the server side. The most common piece is a web application firewall (WAF), which inspects HTTP requests and responses in transit and blocks those that match known attack patterns. However, even a WAF that operates at the application layer sees only the traffic that crosses the network; it has no view of the JavaScript executing in the browser, of the DOM, or of what third-party scripts loaded by the page are doing there (the client side).
Why network security alone is insufficient
An attacker can open the browser's developer tools, read the application's JavaScript and watch its network calls, and learn exactly how the client behaves: which endpoints it calls, which parameters it sends, and which checks are enforced only in the browser. The WAF is none the wiser, because studying code that has already been delivered to the client produces no suspicious traffic. Worse, the attacker can use that knowledge of the application's behavior to craft requests that look like the legitimate client's own traffic, and so pass the WAF's signature rules while abusing the application's logic.
How to protect the client side
Secure both client and server to protect your business
When starting any web app project, you need to plan protection for the entire application ecosystem. Unfortunately, web app front ends have been notoriously ignored while organizations focus on securing the back end. Without proper protections, the front end hands attackers a map of the server's API and its assumptions, making the server assets easier to target. By taking a comprehensive approach that covers both the server and the web app delivered to the browser, organizations can ensure they aren't locking one door only to leave another one open.
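A compact illustration of the two points above (a WAF sees only what is on the wire, and the server must revalidate what the browser claims), written for this edit rather than taken from the post: the checkout API, the catalog, the WAF rule set and the sample requests are all hypothetical and constructed for the example. It runs under Node.js with no dependencies.

```javascript
// Added example, not code from the SD Times post: a hypothetical checkout
// request seen from three vantage points. Every name, rule and sample value
// below is constructed for illustration.

// Server-side price list the application trusts (constructed sample data, in cents).
const CATALOG = { "sku-100": 4999, "sku-200": 1999 };
const MAX_QTY = 10;

// 1. The browser's own validation. It ships to every visitor as JavaScript,
//    so an attacker can read it, learn the field names and rules, and skip it.
//    This hypothetical app also lets the browser compute `total` and send it,
//    which is the design weakness the example turns on.
function clientValidate(order) {
  if (CATALOG[order.sku] === undefined) return { ok: false, reason: "unknown sku" };
  if (!Number.isInteger(order.qty) || order.qty < 1 || order.qty > MAX_QTY) {
    return { ok: false, reason: "qty out of range" };
  }
  const total = CATALOG[order.sku] * order.qty;
  return { ok: true, payload: { sku: order.sku, qty: order.qty, total } };
}

// Serialize the payload the way it would appear on the wire.
function serialize(payload) {
  const body = JSON.stringify(payload);
  return `POST /api/checkout HTTP/1.1\r\nContent-Type: application/json\r\n\r\n${body}`;
}

// 2. A toy WAF. It sees only the raw request text and matches signatures of
//    classic injection attacks (constructed rule set, far smaller than a real one).
const WAF_RULES = [
  /<script\b/i,                        // reflected/stored XSS
  /\bunion\b[\s\S]*\bselect\b/i,       // SQL injection via UNION
  /['"]\s*(or|and)\s+\d+\s*=\s*\d+/i,  // tautology such as ' OR 1=1
  /\.\.\//,                            // path traversal
];
function wafAllows(rawRequest) {
  return !WAF_RULES.some((rule) => rule.test(rawRequest));
}

// 3. The server's check. It recomputes what the client claims instead of
//    trusting it, so it catches tampering that carries no attack signature.
function serverValidate(payload) {
  const price = CATALOG[payload.sku];
  if (price === undefined) return { ok: false, reason: "unknown sku" };
  if (!Number.isInteger(payload.qty) || payload.qty < 1 || payload.qty > MAX_QTY) {
    return { ok: false, reason: "qty out of range" };
  }
  if (payload.total !== price * payload.qty) {
    return { ok: false, reason: "total does not match catalog price" };
  }
  return { ok: true, charge: price * payload.qty };
}

// Run one request past the WAF and then the server.
function evaluate(payload) {
  return { waf: wafAllows(serialize(payload)), server: serverValidate(payload) };
}

// Path A: an honest browser runs clientValidate() and sends its payload.
function honestFlow() {
  const checked = clientValidate({ sku: "sku-100", qty: 2 });
  return evaluate(checked.payload);
}

// Path B: the attacker has read clientValidate() in the dev tools, knows the
// server accepts a client-supplied `total`, and sends the request directly.
// Nothing in it looks like an attack, so the WAF passes it; only the server's
// recomputation rejects it.
function tamperedFlow() {
  return evaluate({ sku: "sku-100", qty: 2, total: 1 });
}

// Path C: a classic injection string, the kind of request a WAF is built to stop.
function injectionFlow() {
  return evaluate({ sku: "' OR 1=1 --", qty: 1, total: 0 });
}

console.log("honest  :", JSON.stringify(honestFlow()));
console.log("tampered:", JSON.stringify(tamperedFlow()));
console.log("injected:", JSON.stringify(injectionFlow()));
```

The tampered request is the one worth studying: it is syntactically identical to legitimate traffic, so no pattern-matching WAF can distinguish it, and the only thing standing between the attacker and a one-cent purchase is the server refusing to trust a value the browser computed. Client-side checks remain useful for user experience and for cutting noise, but the server must treat them as advisory.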
The post Web application security: The piece you’re probably missing appeared first on SD Times.