CHAPTER 5: CONCLUSION
Web application security is a stack of attack surfaces and defensive mitigating solutions. It is not enough to protect web applications with only one technique, or at only one layer of the stack. Vulnerabilities in the platform, or in protocols, such as TCP or HTTP, are just as devastating to the security and availability of applications as attacks against the application itself.
A full stack of mitigating solutions is necessary to realise a positive web application security posture. It is important to note that a comprehensive approach requires collaboration across network, security, operations and development teams, as each has a role to play in protecting applications and their critical data.
Get Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.