Abstract
Web applications cannot be defended by firewalls or any other security products. Web application defense strategies require secure coding at the application level, knowing your application, and protecting it with human intelligence. Knowing your application can lead to profiling your web assets in a logical way. Profiling web assets provides a better picture of the set of possible attacks. Knowing the entire attack set greatly helps in designing and implementing defense strategies. Various new design strategies are evolving in the areas of secure web coding, implementing HTTP/HTTPS security server extensions, and following secure practices.