Title: Developing secure web applications
Authors: Dharmendra Choukse; Dimitris N. Kanellopoulos; Umesh Kumar Singh
Institute of Engineering and Sciences, IPS Academy, Rajendra Nagar Indore, 452012, India.
Department of Mathematics, University of Patras, University Campus, 26500, Rio, Patras, Greece.
Institute of Computer Science, Vikram University, Ujjain, 456010, India
Abstract: The security of web applications is an important issue for any organisation that deploys its own websites. If an organisation takes the required precautions and countermeasures, it can prevent the possible attacks. Otherwise, its critical data, reputation and credibility will be at risk. Nowadays, firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) provide security at the network layer. However, more than 70% of present world's security attacks exploit the vulnerabilities at the application level. Cross-site scripting, SQL injection, cookie poisoning and forceful browsing are some of the most common website vulnerabilities. Stringent user input validation, proper session management, and exploitation of web application firewalls, etc., can be used as countermeasures to combat the attacks on websites. In this paper, we discuss how attackers can exploit the vulnerabilities of web applications and how we can implement effective countermeasures to secure our web applications.
Keywords: secure web applications; web security; cross-side scripting; SQL injection; cookie poisoning; forceful browsing; website vulnerability.
Int. J. of Internet Technology and Secured Transactions, 2012 Vol.4, No.2/3, pp.221 - 236
Submission date: 14 Feb 2012
Date of acceptance: 16 Mar 2012
Available online: 16 Jul 2012