Abstract

With the rapid development of the Internet, web applications are becoming more and more popular. Many people, groups, organizations, or governments use web applications as a means to share information or support business tasks. With the growing number of threats and attacks on web applications, organizations need a more effective concept of web application security. The article is devoted to the security of web applications and methods of ensuring security on a three-level data protection architecture. A three-level architecture is an architectural model of a software package that assumes that it has three components: a client, an application server, and a database server. Web application security is about protecting the privacy, integrity, and availability of an organization's web resources, as well as its reputation. It also includes policies, procedures, laws, people, and practices. Security, like other components of a web application, is best managed if it is planned at the initial stage of application development. The article also describes the methods of ensuring security. These methods will help security professionals develop security policies, conduct risk assessments, and eliminate potential risks in a cost-effective way.