Secure Web Development
Pant, Pankaj (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022060214758
Abstract
Modern web development comes with a variety of challenges that developers must consider, such as accessibility, responsive design, performance, speed, and scalability, to name a few. Unfortunately, due to a lack of time and resources, other fundamentals sometimes go overlooked or are outright ignored - especially when it comes to security. Overlooking cyber security in an organization can turn out to be costly, with some estimates suggesting that damages related to cybercrime are projected to be $6 trillion globally in 2021. In the past two years, the coronavirus pandemic was also responsible for an uptick in cybercrime worldwide, and high-profile cases such as the SolarWinds hack and the Vastaamo data breach should serve as a cautionary tale for companies.
This thesis attempts to serve as a condensed guide for up-and-coming software developers on current security trends and on how to incorporate robust security practices into their products. The thesis will also look at the common pitfalls that web developers can avoid in order to create more secure products. This thesis also tries to provide an understanding of how a potential hacker acts and thinks, and on this basis to create guidelines on how to defend against potential attacks. The thesis is mostly research-based, and relies on academic papers, white papers published by reputed cyber security firms, web development cyber security guidelines by reputed foundations such as Mozilla and OWASP, and on podcast materials from Cyber Security Sauna (F-Secure) and Darknet Diaries.