CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Writing Secure Code in the Digital Age: Preventing Common Vulnerabilities

by Vamsi Thatikonda, Hemavantha Rajesh Varma Mudunuri
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 37
Year of Publication: 2023
Authors: Vamsi Thatikonda, Hemavantha Rajesh Varma Mudunuri
10.5120/ijca2023923181

Vamsi Thatikonda, Hemavantha Rajesh Varma Mudunuri . Writing Secure Code in the Digital Age: Preventing Common Vulnerabilities. International Journal of Computer Applications. 185, 37 ( Oct 2023), 48-51. DOI=10.5120/ijca2023923181

@article{ 10.5120/ijca2023923181,
author = { Vamsi Thatikonda, Hemavantha Rajesh Varma Mudunuri },
title = { Writing Secure Code in the Digital Age: Preventing Common Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2023 },
volume = { 185 },
number = { 37 },
month = { Oct },
year = { 2023 },
issn = { 0975-8887 },
pages = { 48-51 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number37/32935-2023923181/ },
doi = { 10.5120/ijca2023923181 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:28:04.728711+05:30
%A Vamsi Thatikonda
%A Hemavantha Rajesh Varma Mudunuri
%T Writing Secure Code in the Digital Age: Preventing Common Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 37
%P 48-51
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

It is important for a developer to consider writing secure code to protect the system from arising vulnerabilities within software applications that support the entire framework. Common threats including SQL injection, XSS, and CSRF have been explored in the research which highlight the significance of adopting best practices from the industry for input validation, output encoding and adequate authentication. Tools including static and dynamic analysis have been considered as secure coding tools and have also been discussed within the report. There is also a strong emphasis over following coding standards including the OWASP Top Ten. The Secure Software Development Lifecycle (SDLC) has been discussed, in relation of its integration across all stages of the software. Case studies from the real world have been utilized to shed light over the consequences of vulnerabilities within software. Finally, leveraging an informed approach, the report advice placing perpetual importance over secure coding to reduce the chances of risks in software integrity.

References
  1. A. Delplace, S. Hermoso and K. Anandita, "Cyber attack detection thanks to machine learning algorithms," 2020.
  2. A. W. Khan, S. Zaib, F. Khan, I. Tarimer, J. T. Seo and J. Shin, "Analyzing and evaluating critical cyber security challenges faced by vendor organizations in software development: SLR based approach," IEEE Access, vol. 10, pp. 65044-65054, 2022.
  3. B. Nagpal, N. Chauhan and N. Singh, "SECSIX: security engine for CSRF, SQL injection and XSS attacks.," International Journal of System Assurance Engineering and Management, vol. 8, pp. 631-644, 2017.
  4. N. Daswani, M. Elbayadi, N. Daswani and M. Elbayadi, "The Equifax Breach," Big Breaches: Cybersecurity Lessons for Everyone, pp. 75-95, 2021.
  5. J. Sidhu, R. Sakhuja and D. Zhou, "Attacks on eBay," 2016.
  6. H. Fadlallah, "Using parameterized queries to avoid SQL injection," SQL Shack, 18 November 2022. [Online]. Available: https://www.sqlshack.com/using-parameterized-queries-to-avoid-sql-injection/#:~:text=One%20of%20the%20most%20common,values%20are%20passed%20as%20parameters.. [Accessed 28 August 2023].
  7. LinkedIn, "What are the best practices for output encoding to prevent XSS attacks?," LinkedIn, [Online]. Available: https://www.linkedin.com/advice/1/what-best-practices-output-encoding-prevent. [Accessed 29 August 2023].
  8. A. Henricks and H. Kettani, "On data protection using multi-factor authentication," Proceedings of the 2019 International Conference on Information System and System Management, pp. 1-4, 2019.
  9. OWASP, "Cross-Site Request Forgery Prevention Cheat Sheet," OWASP, [Online]. Available: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html. [Accessed 29 August 2023].
  10. N. Sun, J. Zhang, P. Rimba, S. Gao, L. Y. Zhang and Y. Xiang, "Data-driven cybersecurity incident prediction: A survey," IEEE communications surveys & tutorials, vol. 21, no. 2, pp. 1744-1772, 2018.
  11. R. A. Calix, S. B. Singh, T. Chen, D. Zhang and M. Tu, "Cyber security tool kit (CyberSecTK): A Python library for machine learning and cyber security," Information, vol. 11, no. 2, p. 100, 2020.
  12. K. Nagendran, A. Adithyan, R. Chethana, P. Camillus and K. B. S. Varshini, "Web application penetration testing," Int. J. Innov. Technol. Explor. Eng, vol. 8, no. 10, pp. 1029-1035, 2019.
  13. OWASP, "OWASP Top Ten," OWASP, [Online]. Available: https://owasp.org/www-project-top-ten/. [Accessed 29 August 2023].
  14. N. M. Mohammed, M. Niazi, M. Alshayeb and S. Mahmood, "Exploring software security approaches in software development lifecycle: A systematic mapping study," Computer Standards & Interfaces, vol. 50, pp. 107-115, 2017.
  15. X. Shu, K. Tian, A. Ciambrone and D. Yao, "Breaking the target: An analysis of target data breach and lessons learned," 2017.
  16. J. Fruhlinger, "Marriott data breach FAQ: How did it happen and what was the impact?," CSO, 11 February 2020. [Online]. Available: https://www.csoonline.com/article/567795/marriott-data-breach-faq-how-did-it-happen-and-what-was-the-impact.html. [Accessed 29 August 2023].
Index Terms

Computer Science
Information Sciences

Keywords

Secure code vulnerabilities software applications SQL injection XSS CSRF input validation output encoding secure coding tools static analysis dynamic analysis OWASP Top Ten Secure Software Development Lifecycle SDLC

Powered by PhDFocusTM