Thursday 21 November 2013

Hello friends, 

I did my research work on "Web Application Security Threats and Defense Using Open Source Tools". I also published a paper on this topic in the IJCA journal, titled "Programmer Protocol for Identification and Defense of Latest Web Application Security Threats Using Open Source Tools", which can be found at the link:

http://research.ijcaonline.org/volume76/number13/pxc3890843.pdf

The abstract of the paper is: 

There has been an exponential increase in the number of attacks on web applications during the recent years. This paper presents a guideline for programmers to develop robust web applications in terms of security by identification of latest web application security vulnerabilities and devising their control using open source dynamic and static web application security assessment tools. A highly vulnerable web application is taken as a sample and it is projected to dynamic tools which lookup for security loopholes in it according to its behavior in the actual working environment and static tools lookup for security loopholes in the programming logics by static analysis of the actual source code. Finally, the concept of a static analysis monitoring tool is given which can serve a fool proof solution for one of the most encountered attack namely, Cross Site Scripting (XSS).

3 Comments:

At 21 November 2013 at 11:53 , Blogger Unknown said...

Just read your paper, you have given useful information concerned with web application security measures. I am more interested in the monitoring tool that you have discussed. I have a question.

You stated that your tool will be scanning the source code files and find out if hacker's code has been inserted, but what if the code is inserted in the database, can you extend your tool to check the database for the same? If this can be done the tool would be more powerful.

Please share the source code of this tool...

 
At 23 November 2013 at 04:08 , Blogger Devang Sharma said...

Thank you for your interest Andrew.

Regarding your question, the monitoring tool that I have discussed in my study picks up the vulnerable elements from the source code files, but the same code can be used to grep these elements from any set of data just before insertion into the database. Thus, the data that is to be inserted in the database will be pre-checked and will be deleted if found to be malicious.
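
The pre-insertion check described in the reply above, sketched as an added example that is not part of the original post or the paper's tool. It uses Python's HTML parser instead of grep, and the rule set (`ACTIVE_TAGS`, `URL_ATTRS`), the `comments` table and all function names are assumptions, since the page does not list what the tool looks for.

```python
import sqlite3
from html.parser import HTMLParser

# Assumed rule set; the page does not say which elements the tool picks up.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ActiveContentFinder(HTMLParser):
    """Collects script-capable markup found in one input value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # The parser has already decoded character references in value;
            # also drop whitespace/control characters before the scheme test.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")

def find_active_content(value):
    """Return a list of findings; an empty list means nothing was flagged."""
    finder = ActiveContentFinder()
    finder.feed(value)
    finder.close()
    return finder.findings

def open_db():
    """In-memory database with a hypothetical comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments(author TEXT, body TEXT)")
    return db

def store_comment(db, author, body):
    """Pre-check body and insert it only when nothing was flagged."""
    findings = find_active_content(body)
    if not findings:
        db.execute("INSERT INTO comments(author, body) VALUES (?, ?)", (author, body))
    return findings

if __name__ == "__main__":
    db = open_db()
    # Constructed sample inputs, not taken from the paper.
    for body in ["Nice paper, thanks!", "<img src=x onerror=alert(1)>"]:
        print(repr(body), "->", store_comment(db, "reader", body) or "stored")
```

A pre-insert check like this complements, rather than replaces, encoding the stored value for its output context when the page is rendered.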

 
At 27 November 2013 at 05:41 , Blogger engg.mihir said...

Hi, I am Mihir from Kalinga University, Bhubaneshwar. I studied your research work at the given link. Your work is good. I am also doing my dissertation on Internet Security, so I need your help. Kindly reply to me at my mail id: mihirsaxena7@gmail.com
