Date Added: Jun 2012
An understanding of the risks to which application will be exposed, can be a good starting point to design and implement secure web applications. Business oriented web applications need complex authentication policies to securely implement business processes. Threats against the confidentiality, availability and integrity of the data stored, processed and transmitted by application need to be matched against the policies, technologies and human factors that would protect them. The goal of this paper is to provide an insight into the secure development of web applications by exposing the pitfalls often encountered related to the authentication process and to security requirements that will ensure application is resilient to these attacks.