7.7 Web Application Security

Web application security is of paramount concern to the owners as well as the consumers of a website. Many security threats are handled at the data centre and server administrator level, where the application is hosted. Application developers should nevertheless be sensitive to security aspects, as a large number of security threats arise from vulnerabilities in application software code.

These application-driven attacks sometimes turn out to be quite fatal. Best practices to follow while developing web applications using various technologies are available on the CERT-In website as well as elsewhere on the internet. Developers should read, understand and follow these best practices during development. NIC as well as CERT-In have empaneled a number of agencies to conduct security audits of applications.


Each website/application MUST undergo and clear a security audit by empaneled agencies prior to hosting and after the addition of new modules.


The Department MUST formulate a security policy to address the various security issues related to the website.