Hello friends,
I did my research work on "Web Application Security Threats and Defense Using Open Source Tools". I also published a paper in the IJCA journal related to this topic titled "Programmer Protocol for Identification and Defense of Latest Web Application Security Threats Using Open Source Tools" which can be found on the link:
http://research.ijcaonline.org/volume76/number13/pxc3890843.pdf
The abstract of the paper is:
There has been an exponential increase in the number of attacks on web applications during the recent years. This paper presents a guideline for programmers to develop robust web applications in terms of security by identification of latest web application security vulnerabilities and devising their control using open source dynamic and static web application security assessment tools. A highly vulnerable web application is taken as a sample and it is projected to dynamic tools which lookup for security loopholes in it according to its behavior in the actual working environment and static tools lookup for security loopholes in the programming logics by static analysis of the actual source code. Finally, the concept of a static analysis monitoring tool is given which can serve a fool proof solution for one of the most encountered attack namely, Cross Site Scripting (XSS).
3 Comments:
Just read your paper, you have given useful information concerned with web application security measures. I am more interested in the monitoring tool that you have discussed. I have a question.
You stated that your tool will be scanning the source code files and find out if hacker's code has been inserted, but what if the code is inserted in the database, can you extend your tool to check the database for the same? If this can be done the tool would be more powerful.
Please share the source code of this tool...
Thank you for your interest Andrew.
Regarding your question, the monitoring tool that I have discussed in my study picks up the vulnerable elements from the source code files, but the same code can be used to grep these elements from any set of data just before insertion into the database. Thus, the data that is to be inserted in the database will be pre-checked and will be deleted if found to be malicious.
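
The pre-insert check described in the reply above, as an added example that is not from the paper or its monitoring tool: each field is scanned for script-bearing markup and a flagged record is dropped before it reaches the database. The pattern list, the `comments` table and the function names are assumptions, since the page does not list the elements the tool looks for.

```python
import re
import sqlite3

# Assumed pattern list: the page does not say which elements the tool greps for.
SUSPICIOUS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.I),
    "event_handler": re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I),
    "js_uri": re.compile(r"\b(?:href|src|action)\s*=\s*[\"']?\s*javascript:", re.I),
    "active_embed": re.compile(r"<\s*(?:iframe|object|embed)\b", re.I),
}


def scan_value(value):
    """Return the names of all patterns that match one field value."""
    return [name for name, rx in SUSPICIOUS.items() if rx.search(value)]


def insert_comment(conn, author, body):
    """Pre-check every field; return (inserted, {field: [pattern names]})."""
    findings = {}
    for field, value in (("author", author), ("body", body)):
        hits = scan_value(value)
        if hits:
            findings[field] = hits
    if findings:
        return False, findings  # flagged data is dropped, never stored
    # Parameterized insert; pattern matching is only the pre-insert layer,
    # stored values still need output encoding when they are rendered.
    conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    return True, findings


def demo():
    """Run the check over constructed sample comments on an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    samples = [  # constructed inputs
        ("alice", "Nice paper, thanks for sharing."),
        ("bob", "hello <script>alert(1)</script>"),
        ("carol", '<img src=x onerror="alert(1)">'),
        ("dave", "I like a <b>bold</b> claim when x < y."),
    ]
    results = [insert_comment(conn, a, b) for a, b in samples]
    stored = [r[0] for r in conn.execute("SELECT author FROM comments ORDER BY rowid")]
    return results, stored
```
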
Hi, I am Mihir from Kalinga University, Bhubaneshwar. I studied your research work at the given link. Your work is good. I am also doing my dissertation on Internet Security, so I need your help. Kindly reply to me at my mail ID: mihirsaxena7@gmail.com