Web Application Security
Improving Critical Web-based Applications Quality through in-depth
Security Analysis
SAAD SAIF
Department Of Computer Sciences
Lahore Garrison University
Abstract
The Internet, and specifically the World Wide Web, has become one of the most popular communication media in the world. A huge number of users connect regularly to various web-based applications to look for information, exchange messages, communicate with one another, conduct business, pay bills, perform financial operations and much more. Some of these critical online services are targeted by malicious users aiming to exploit potential weaknesses and vulnerabilities, which could not only cause disruption of the service but also compromise users' and organizations' data. Most of the time, these malicious users succeed in exploiting various kinds of vulnerabilities, and the outcomes can be disastrous. Most of these vulnerabilities are directly related to the web applications' lack of quality, resulting from a poorly executed software development life cycle (SDLC).
Keywords: Web Application, Security, Automated Testing, Quality, Critical
INTRODUCTION
Security was, still is and always will be one of the major concerns of critical systems, particularly when deployed on the World Wide Web and accessible through a web browser. Nowadays there is a huge number of services deployed on the World Wide Web, and people depend on this communication infrastructure to perform everyday tasks. Examples of these tasks are: bill payments, banking operations, e-shopping, email, government health-care system operations, etc. Moreover, in certain countries these tasks are actually mandatory; one example is Portugal, where public administration services were fully deployed on the Web with the aim of bringing government and citizens together.
Most security concerns are currently related to the application level. This has one simple explanation: web applications are accessible through browsers and can be reached by everybody with Internet access. This carries the inherent risk that well- or badly-intentioned people can take advantage of it and perform malicious actions. The number of attacks reported by several entities confirms this. The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD), which held more than 40000 vulnerabilities identified at the application level as of March 13, 2010. This is further confirmed by the Gartner Group, which estimates that 70% of the attacks on an organization's web applications originate at the application level.
WEB APPLICATIONS AS THE WEAKEST LINK
Web applications are no longer associated only with back offices and home entertainment. Nowadays, web applications have become the most significant applications in everybody's life and are involved in most activities users carry out on the Internet. Security experts often misjudge the real source of today's security flaws: software. Software is the weakest link in security. Application-level security covers many issues within this topic and cannot be reduced to good programming practices. Evidence that security issues are related to software is that, besides the growing number of application-level vulnerabilities exploited over the last few years, organizations such as OWASP, WASC, CERT.PT and others are becoming more active every day, and security experts are beginning to understand and fully accept their recommendations. The OWASP Top 10 and the WASC Threat Classification point precisely to the most notable application-layer security issues, which derive from the extensive experience of security specialists around the world.
SECURITY INTEGRATION WITH THE SDLC
The criticality of, and market demand for, critical web-based applications has led to a growth in the development of security models for the software development life cycle. One of the foundations of these frameworks is that security must be present throughout every phase of the SDLC, thereby achieving quality as the end result. This usually involves communication and cooperation from the top seats (CIO, CEO and others) down the hierarchy, through project managers and developers. The point of this organizational awareness is simple: security is a process, not a final product, and should be managed as such, incorporating the experiences, visions and concerns of everybody.
Microsoft Security Development Lifecycle (MS SDL)
Microsoft's methodology is perhaps one of the most used in the business area. This is largely driven by the fact that their products are present in every market and technology, enforcing the use of their patterns. MS SDL is described by Microsoft as being flexible (it applies to large, medium and small organizations, to different development methodologies and to any platform), cost-effective (they present a study by NIST which states that fixing code after deployment can cost up to 30 times more than if done in the development stage) and measurable (they present studies comparing the number of vulnerabilities with and without their framework).
Building Security in Maturity Model (BSIMM)
OWASP Software Assurance Maturity Model (SAMM)
The OWASP SAMM is a framework which aims at helping organizations to plan a security strategy for software security. This framework provides all its resources for free and helps in:
• Assessing the organization's current practices related to software security
• Building a well-balanced software security assurance program in defined iterations
• Demonstrating improvements to a security assurance program
• Defining and measuring security-related activities throughout an organization.
Literature Review
Over the last few years, application-level vulnerabilities have been exploited with serious outcomes. Attackers have tricked e-commerce sites into shipping goods for free, usernames and passwords have been harvested, and confidential information (for instance, addresses and credit card numbers) has been leaked. Researchers have begun to investigate new tools and techniques which address the problem of application-level web security from many directions: before, during and after development. Glisson and Welland argue that security should be addressed first, before the application development process, through an autonomous adaptive framework that contains customizable security components.
Literature Survey
Among the numerous attacks on Web applications, cross-site scripting (XSS) is one of the most common. An XSS attack involves injecting malicious content into a trusted website so that it executes in a visitor's browser without the visitor's knowledge, and thereby enables the attacker to access sensitive user data, for instance session tokens and cookies stored in the browser. With this data, attackers can carry out several malicious acts, including fraud, key-logging, phishing, user impersonation and webcam activation.
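The XSS flaw described above, as an added example that is not part of the original paper: a comment renderer that concatenates untrusted text into HTML beside its hardened form, plus the two response headers that limit what an injected script could reach (the session cookie and which scripts may run). The sample comment, function names, cookie name and nonce value are constructed for illustration.

```python
# Added example (not from the paper): reflected/stored XSS shown as a
# vulnerable renderer beside a hardened one, with mitigating headers.
import html
import re

# Constructed sample input: a user comment that carries active markup.
SAMPLE_COMMENT = "Nice site! <script>alert(document.cookie)</script>"


def render_comment_vulnerable(comment: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into the markup,
    so any tag inside the comment is parsed and executed by the browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_hardened(comment: str) -> str:
    """Hardened: HTML-encode the text for the element-content context.
    '<' becomes '&lt;', so the browser shows the text instead of running it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def contains_active_markup(fragment: str) -> bool:
    """Rough check used by this example: does the rendered fragment still
    contain an element that can execute script or load a remote resource?"""
    return re.search(r"<\s*(script|img|svg|iframe)\b", fragment, re.IGNORECASE) is not None


def session_cookie_header(token: str) -> str:
    """Set-Cookie for the session token. HttpOnly keeps it out of
    document.cookie, so a script that does run cannot read it; Secure and
    SameSite limit where it is sent. 'sid' is a constructed cookie name."""
    return f"Set-Cookie: sid={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


def csp_header(script_nonce: str) -> str:
    """Content-Security-Policy allowing only same-origin scripts that carry
    the per-response nonce, so an injected inline <script> is blocked."""
    return (
        "Content-Security-Policy: default-src 'self'; "
        f"script-src 'self' 'nonce-{script_nonce}'; object-src 'none'"
    )


def build_response(comment: str, session_token: str, script_nonce: str) -> dict:
    """Assemble a hardened response: escaped body plus the two headers."""
    return {
        "body": render_comment_hardened(comment),
        "headers": [session_cookie_header(session_token), csp_header(script_nonce)],
    }


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(SAMPLE_COMMENT))
    print("hardened:  ", render_comment_hardened(SAMPLE_COMMENT))
    for header in build_response(SAMPLE_COMMENT, "constructed-token", "r4nd0m")["headers"]:
        print(header)
```

Output encoding must match the context (element content here; attribute, URL and JavaScript contexts each need their own encoding), and the headers are defence in depth rather than a substitute for it.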
Confusion Matrix
Results
In all the articles I read, the web applications are more secure and well-defined applications, which are best as web services provided to us by Google and other search engines. So there is also a lot of work on all web applications for their security and against other harmful activities which can harm them. So all experts work on, analyse and test web applications and try to keep safe critical information which is not to be used by a third party.
Title
Improving Critical Web-based Applications Quality through in-depth Security Analysis
Web Application Security Tools Analysis
Tool-Based Approach to Assessing Web Application Security
Semantic security against web application attacks
Privacy Solutions
Conclusion
Critical web applications' quality cannot be separated from security issues. Security must be present in every critical web application, as it is a quality attribute every user takes for granted. In this paper we focused on the integration of security practices in the SDLC. The SDLC aims at defining patterns and standards for developing software with a higher level of quality. The integration of security within those models is imperative for these applications, and therefore security activities were defined for each phase of the SDLC, leading to an increase in web application quality throughout the whole development process. Web applications are nowadays the gateway between people and everyday activities with the whole world. This must be understood, and accordingly, quality standards must be raised, which, from our perspective, can only happen with the addition of security.
References
[1] Backtrack (2011). Backtrack Linux - penetration testing distribution website. http://www.backtrack-linux.org/. (Access date: 15 June 2011).
[2] Brunel D. Romero M., H. M. H. and A. J. E. M. (2009). A methodological tool for asset identification in web applications. In IEEE Fourth International Conference on Software Engineering Advances, pages 413-418. IEEE.
[3] BSIMM (2011). The Building Security In Maturity Model. http://bsimm.com/. (Access date: 15 June 2011).
[4] CERT.PT (2010). CERT.PT web site. http://www.cert.pt/. (Access date: 15 June 2011).
[5] Consortium, W. A. S. (2010a). WASC Threat Classification version 2.0. WASC.
    Consortium, W. A. S. (2010b). Web Application Security Consortium web site. http://www.webappsec.org/. (Access date: 15 June 2011).
[6] Duan, B., Zhang, Y., and Gu, D. (2008). An easy-to-deploy penetration testing platform. In Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for, pages 2314-2318.
[7] Fong, E. and Okun, V. (2007). Web application scanners: Definitions and functions. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, page 280b.
[8] Madan, S. and Madan, S. (2010). Security standards perspective to fortify web database applications from code injection attack. In IEEE International Conference on Intelligent Systems, Modeling and Simulation. IEEE.
Research Article On Web Application Security

More Related Content

What's hot

Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6pp
Eric Zhuo
ย 
State of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon InstituteState of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon Institute
Jeremiah Grossman
ย 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagation
UltraUploader
ย 

What's hot (18)

IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDYIMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
ย 
How can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesHow can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data losses
ย 
Turning the Tables on Cyber Attacks
Turning the Tables on Cyber AttacksTurning the Tables on Cyber Attacks
Turning the Tables on Cyber Attacks
ย 
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
ย 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
ย 
web security
web securityweb security
web security
ย 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
ย 
Survey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive Measures
ย 
Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6pp
ย 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security Survey
ย 
Wp evolving-threats-endpoint-security
Wp evolving-threats-endpoint-securityWp evolving-threats-endpoint-security
Wp evolving-threats-endpoint-security
ย 
State of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon InstituteState of Web Application Security by Ponemon Institute
State of Web Application Security by Ponemon Institute
ย 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
ย 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
ย 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
ย 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat Control
ย 
An efficient control of virus propagation
An efficient control of virus propagationAn efficient control of virus propagation
An efficient control of virus propagation
ย 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
ย 

Similar to Research Article On Web Application Security

OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
Kashif Ali
ย 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
Andrew Kanikuru
ย 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
Tyler Shields
ย 
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docxResearch Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
audeleypearl
ย 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
SALU18
ย 

Similar to Research Article On Web Application Security (20)

Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdf
ย 
IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDYIMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY
ย 
University-of-Miami_MEDINA
University-of-Miami_MEDINAUniversity-of-Miami_MEDINA
University-of-Miami_MEDINA
ย 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
ย 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
ย 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
ย 
A Resiliency Framework For An Enterprise Cloud
A Resiliency Framework For An Enterprise CloudA Resiliency Framework For An Enterprise Cloud
A Resiliency Framework For An Enterprise Cloud
ย 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
ย 
Application Security in Times of Globalization
Application Security in Times of GlobalizationApplication Security in Times of Globalization
Application Security in Times of Globalization
ย 
Intelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software SecurityIntelligence on the Intractable Problem of Software Security
Intelligence on the Intractable Problem of Software Security
ย 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
ย 
Security-First Development_ Safeguarding Your Software from Threats.pdf
Security-First Development_ Safeguarding Your Software from Threats.pdfSecurity-First Development_ Safeguarding Your Software from Threats.pdf
Security-First Development_ Safeguarding Your Software from Threats.pdf
ย 
Key elements of security threat
Key elements of security threatKey elements of security threat
Key elements of security threat
ย 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
ย 
V01 i010413
V01 i010413V01 i010413
V01 i010413
ย 
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docxResearch Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
Research Paper TopicITS835 โ€“ Enterprise Risk Managemen.docx
ย 
AbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docxAbstractCloud computing technology has become the new fron.docx
AbstractCloud computing technology has become the new fron.docx
ย 
Web Application Security.pptx
Web Application Security.pptxWeb Application Security.pptx
Web Application Security.pptx
ย 
Website Security Testing Ahmedabad Mar 2024.pdf
Website Security Testing Ahmedabad Mar 2024.pdfWebsite Security Testing Ahmedabad Mar 2024.pdf
Website Security Testing Ahmedabad Mar 2024.pdf
ย 
Strategies for Effective Cybersecurity in Web Development pdf.pdf
Strategies for Effective Cybersecurity in Web Development pdf.pdfStrategies for Effective Cybersecurity in Web Development pdf.pdf
Strategies for Effective Cybersecurity in Web Development pdf.pdf
ย 

More from SaadSaif6

More from SaadSaif6 (7)

Fourier transform (cell phones)
Fourier transform (cell phones)Fourier transform (cell phones)
Fourier transform (cell phones)
ย 
Correlation Coefficient
Correlation CoefficientCorrelation Coefficient
Correlation Coefficient
ย 
America-Iran Tensions ( Best & Easy Presentation )
America-Iran Tensions ( Best & Easy Presentation )America-Iran Tensions ( Best & Easy Presentation )
America-Iran Tensions ( Best & Easy Presentation )
ย 
Review Paper ( Research Articles )
Review Paper ( Research Articles )Review Paper ( Research Articles )
Review Paper ( Research Articles )
ย 
Artificial Intelligence Presentation
Artificial Intelligence PresentationArtificial Intelligence Presentation
Artificial Intelligence Presentation
ย 
Trapezoidal Rule
Trapezoidal RuleTrapezoidal Rule
Trapezoidal Rule
ย 
Network Topology And Its Types
Network Topology And Its TypesNetwork Topology And Its Types
Network Topology And Its Types
ย 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
ย 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
ย 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy  Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy  Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
ย 

Recently uploaded (20)

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
ย 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
ย 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
ย 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
ย 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
ย 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
ย 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
ย 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
ย 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
ย 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
ย 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
ย 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
ย 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
ย 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
ย 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
ย 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
ย 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
ย 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
ย 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
ย 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy  Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy  Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ย 

Research Article On Web Application Security

  • 1. Web Application Security Improving Critical Web-based Applications Quality through in-depth Security Analysis SAAD SAIF Department Of Computer Sciences Lahore Garrison University Abstract The Internet, and specifically the World Wide Web, has gotten one of the most well-known correspondence mediums in the World. A huge number of clients associate regularly to various electronic applications to look for data, trade messages, communicate with one another, direct business, cover charges, perform money related activities and some more. A portion of these basic online administrations are focused by a few malignant clients expecting to abuse potential shortcomings and vulnerabilities, which could cause the disturbance of the administration, yet in addition bargain the clients and associations data. A large portion of the occasions, these noxious clients prevail with regards to abusing various kinds of vulnerabilities and the outcomes can be lamentable. Most of these vulnerabilities are legitimately related with the online applications absence of value therefore from an ineffectively executed programming advancement life cycle (SDLC). Keywords:- Web Application, Security, Automated Testing, Quality, Critical INTRODUCTION Security was, still and consistently will be one of the significant worries that basic frameworks have, particularly when sent in the World Wide Web, available through an internet browser. Presently a Days there are a giant proportion of organizations sent in the World Wide Web and individuals depend on this correspondence framework to per-structure regular tasks. Instances of these tasks are: charge installments, banking activities, e-shopping, email, government medicinal services framework activities, etc. Besides, in certain nations, these tasks are really required; one case of this is Portugal, where the open association organizations were totally sent in the Web targeting uniting government and resident. 
Most security concerns are currently related with the application level. This has one straightforward clarification, web applications are available through programs, and can be gotten to by everybody with
  • 2. Internet. This has the intrinsic chance that great or seriously intentioned individuals can exploit this and perform malignant activities. The quantity of assaults reported by certain elements effectively affirms this. The National Institute of Standards and Technology (NIST) holds a National Vulnerability Database (NVD), which has more than 40000 vulnerabilities, distinguished in the application level as of March 13, 2010.This is moreover confirmed by the Gartner Gathering, which evaluates that 70% of the ambushes to an association's web application begin from the application level. WEB APPLICATIONS AS THE WEAKEST LINK Web applications no longer relates with back workplaces and home amusement. Nowadays, web applications have become the most significant applications throughout everybody's life and relates with most activities clients make in the Internet. Security experts regularly misjudge the genuine issues related with security blemishes these days - programming. Programming is the most fragile connection in security. Application level security relates with numerous issues inside this theme and it can't be limited to acceptable programming rehearses. Confirmation that security issues relate with programming is that, other than the quantity of utilization level vulnerabilities abused in the course of the most recent couple of years is developing, associations like OWASP , WASC, CERT PT, etc are turning into every day progressively dynamic and security experts are beginning to comprehend and accept absolutely their suggestions. Top 10 OWASP and the WASC risk gathering point precisely to the most notable application layer security issues, which get from an enormous experience from security specialists around the world. SECURITY INTEGRATION WITH THE SOLC The unconventionality and market demand in fundamental electronic applications has made an extension in the advancement of security models in the item improvement life cycle. 
One of the bases for these frameworks is that security must be accessible through every time of the SDLC thusly achieving quality as a last thing. This regularly includes correspondences and collaboration from top seats (CIO, CEO, and others), running down the chain of importance, through task administrators and designers. The purpose of this hierarchical mindfulness is basic, security is a procedure, not a last item, and ought to be managed thusly, incorporating encounters, dreams and worries from everybody. Microsoft Security Development Lifecycle (MS DLe) Microsoft's strategy is perhaps one of the most utilized in the business territory. This is generally determined by the way that their items are available through each market and advances, implementing the utilization of their examples. MS OLC is depicted by Microsoft as being flexible (applies to enormous, medium and little organizations, to different improvement systems and to any stage), savvy (they present an examination by NIST which guarantees that code fixes after the sending can go up to 30 time than if act in the advancement stage) and quantifiable (they present investigations contrasting the quantity of vulnerabilities and without their foundation).Building Security in Maturity Model (BSIMM)
  • 3. OWASP Software Assurance Maturity Model (SAMM) The OWASP SAMM is a structure, which points helping associations to plan a security system for programming security. This system gives all the assets to free and helps in: โ€ข Assessing the current practices in the association related with programming security โ€ข Building a decent programming security confirmation program for explicit emphases โ€ข Exhibiting upgrades to a security confirmation program โ€ข Characterizing and estimating security-related exercises all through an association. Literature Review Over the latest couple of years, application-level vulnerabilities have been abused with real outcomes. Software engineers have misdirected online business regions into transportation stock for no charge, usernames and passwords have been harvested, and characterized information, (for instance, areas and MasterCard numbers) has been spilled. Scientists begin to research new instruments and procedures which address the issue of utilization level web security from numerous headings pre, inside, and post. Glisson and Well and in fight that security should be started first before the application progression process direct through a self-governing versatile system that contains customizable security parts. Literature Survey Among the numerous assaults on Web applications, cross-website scripting (XSS) is one of the most widely recognized. A XSS ambush incorporates mixing poisonous substance into a trusted in site that executes on a visitor's program without the visitor's data and in this manner enables the aggressor to get to unstable customer data, for instance, meeting tokens and treats set aside on the program. With this data, attackers can execute a couple of malignant acts, including misrepresentation, key-logging, phishing, customer emulate, and webcam incitation
Confusion Matrix Results

In all the articles I read, web applications are described as more secure and well-defined applications, best delivered as web services such as those provided by Google and other search engines. There is also a lot of work on all web applications concerning their security and the other harmful activities that can damage them. So all experts work on, analyse and test web applications and try to protect critical information so that it is not used by third parties.

Title
• Improving Critical Web-based Applications Quality through in-depth Security Analysis
• Web Application Security Tools Analysis
• Tool-Based Approach to Assessing Web Application Security
• Semantic security against web application attacks
• Privacy Solutions
Conclusion

The quality of critical web applications cannot be separated from security issues. Security must be present in every critical web application, as it is a quality attribute that every user takes for granted. In this paper we focused on the integration of security practices in the SDLC. The SDLC aims to establish standard patterns and principles for developing software with a higher level of quality. The integration of security within those models is essential for these applications, and therefore security activities were defined for each phase of the SDLC, leading to an increase of web application quality throughout the whole development process. Web applications are nowadays the gateway between people and their everyday activities with the whole world. This must be understood, and consequently quality standards must be raised, which from our point of view can only happen with the addition of security.