Notification: Our email services are now fully restored after a brief, temporary outage caused by a denial-of-service (DoS) attack. If you sent an email on Dec 6 and haven't received a response, please resend your email.
CFP last date
20 December 2024
Reseach Article

Programmer Protocol for Identification and Defense of Latest Web Application Security Threats using Open Source Tools

by Devang Sharma
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 76 - Number 13
Year of Publication: 2013
Authors: Devang Sharma
10.5120/13308-0843

Devang Sharma . Programmer Protocol for Identification and Defense of Latest Web Application Security Threats using Open Source Tools. International Journal of Computer Applications. 76, 13 ( August 2013), 24-32. DOI=10.5120/13308-0843

@article{ 10.5120/13308-0843,
author = { Devang Sharma },
title = { Programmer Protocol for Identification and Defense of Latest Web Application Security Threats using Open Source Tools },
journal = { International Journal of Computer Applications },
issue_date = { August 2013 },
volume = { 76 },
number = { 13 },
month = { August },
year = { 2013 },
issn = { 0975-8887 },
pages = { 24-32 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume76/number13/13308-0843/ },
doi = { 10.5120/13308-0843 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:45:48.707807+05:30
%A Devang Sharma
%T Programmer Protocol for Identification and Defense of Latest Web Application Security Threats using Open Source Tools
%J International Journal of Computer Applications
%@ 0975-8887
%V 76
%N 13
%P 24-32
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

There has been an exponential increase in the number of attacks on web applications during the recent years. This paper presents a guideline for programmers to develop robust web applications in terms of security by identification of latest web application security vulnerabilities and devising their control using open source dynamic and static web application security assessment tools. A highly vulnerable web application is taken as a sample and it is projected to dynamic tools which lookup for security loopholes in it according to its behavior in the actual working environment and static tools lookup for security loopholes in the programming logics by static analysis of the actual source code. Finally, the concept of a static analysis monitoring tool is given which can serve a fool proof solution for one of the most encountered attack namely, Cross Site Scripting (XSS).

References
  1. Online Web Application Security Project (OWASP).
  2. Web Application Security: Too costly to ignore. 2008. Hewlett-Packard Development Company.
  3. Hacking Exposed. Web Applications: Web Application Security Secrets and Solution. Third Edition. Joel Scambray, Vincent Liu, Caleb Sima.
  4. The Web Application Hacker's Handbook. Finding and Exploiting Security Flaws. Second Edition. Dafydd Stuttard, Marcus Pinto.
  5. Web Application Security. A Beginner's Guide. Bryan Sullivan, Vincent Liu.
  6. Building a Web Application Security Program. Securosis, L. L. C.
  7. A Survey on Web Application Security. Xiaowei Li, Yuan Xue.
  8. Structured Query Language Injection (SQLI) Attacks: Detection and Prevention Techniques in Web Application Technologies by Wisdom Kwawu Torgby and Nana Yaw Asabere. IJCA Volume 71-No. 11, May 2013.
  9. SQL injection attack Detection using SVM by Romil Rawat and Shailendra Kumar Shrivastav IJCA Volume 42-No. 13, March 2012.
  10. Safe Guard Anomalies against SQL Injection Attacks by Romil Rawat, Chandrapal Singh Dangi, Jagdish Patil. IJCA Volume 22-No. 2, May 2011.
  11. Microsoft Security Development Lifecycle. Quick Security Reference: SQL Injection. Updated November 5, 2010.
  12. An Authentication Mechanism to prevent SQL Injection Attacks by Indrani Balasundaram and E. Ramaraj. IJCA Volume 19-No. 1, April 2013.
  13. Consideration Points: Detecting Cross-Site Scripting by Suman Saha. IJCSIS Volume 4,2009.
  14. Cross Site Scripting: An Overview by Vishwajit S. Patil, Dr. G. R. Bamnote and Sanil S. Nair. ISDMISC 2011 Proceedings published by IJCA.
  15. A Review on Web Application Security Vulnerabilities by Ashwani Garg, Shekhar Singh. IJARCSSE. Volume-3, Issue-1, January 2013.
Index Terms

Computer Science
Information Sciences

Keywords

OWASP Vulnerabilities Web Application Security Assessment Injection XSS Broken Authentication and Session Management Insecure Direct Object References Security Misconfiguration CSRF Unvalidated Redirects and Forwards