Title: Developing secure web applications

Authors: Dharmendra Choukse; Dimitris N. Kanellopoulos; Umesh Kumar Singh

Addresses: Institute of Engineering and Sciences, IPS Academy, Rajendra Nagar Indore, 452012, India. ' Department of Mathematics, University of Patras, University Campus, 26500, Rio, Patras, Greece. ' Institute of Computer Science, Vikram University, Ujjain, 456010, India

Abstract: The security of web applications is an important issue for any organisation that deploys its own websites. If an organisation takes the required precautions and countermeasures, it can prevent the possible attacks. Otherwise, its critical data, reputation and credibility will be at risk. Nowadays, firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) provide security at the network layer. However, more than 70% of present world's security attacks exploit the vulnerabilities at the application level. Cross-site scripting, SQL injection, cookie poisoning and forceful browsing are some of the most common website vulnerabilities. Stringent user input validation, proper session management, and exploitation of web application firewalls, etc., can be used as countermeasures to combat the attacks on websites. In this paper, we discuss how attackers can exploit the vulnerabilities of web applications and how we can implement effective countermeasures to secure our web applications.

Keywords: secure web applications; web security; cross-side scripting; SQL injection; cookie poisoning; forceful browsing; website vulnerability.

DOI: 10.1504/IJITST.2012.047969

International Journal of Internet Technology and Secured Transactions, 2012 Vol.4 No.2/3, pp.221 - 236

Available online: 16 Jul 2012

Full-text access for editors Access for subscribers Purchase this article Comment on this article