ASASI: An Environment for Addressing Software Application Security Issues

2006 ◽  
Author(s):  
Mehrez Essafi ◽  
Lamia Labed ◽  
Henda Ben Ghezala
Keyword(s):  
Application Security ◽  
Software Application ◽  
Security Issues

Practical Web Application Security Audit Following Industry Standards and Compliance

2011 ◽  
pp. 259-279
Author(s):  
Shakeel Ali
Keyword(s):  
Web Application ◽  
Assessment Process ◽  
Security Assessment ◽  
Web Application Security ◽  
Application Security ◽  
Security Issues ◽  
Pci Dss ◽  
Industry Standards ◽  
Before And After ◽  
Security Standards

A rapidly changing face of internet threat landscape has posed remarkable challenges for security professionals to thwart their IT infrastructure by applying advanced defensive techniques, policies, and procedures. Today, nearly 80% of total applications are web-based and externally accessible depending on the organization policies. In many cases, number of security issues discovered not only depends on the system configuration but also the application space. Rationalizing security functions into the application is a common practice but assessing their level of resiliency requires structured and systematic approach to test the application against all possible threats before and after deployment. The application security assessment process and tools presented here are mainly focused and mapped with industry standards and compliance including PCI-DSS, ISO27001, GLBA, FISMA, SOX, and HIPAA, in order to assist the regulatory requirements. Additionally, to retain a defensive architecture, web application firewalls have been discussed and a map between well-established application security standards (WASC, SANS, OWASP) is prepared to represent a broad view of threat classification.

scholarly journals Choosing the Best-fit Lifecycle Framework while Addressing Functionality and Security Issues

10.29007/cfm3 ◽  
2019 ◽  
Author(s):  
Salman Faizi ◽  
Shawon Rahman
Keyword(s):  
Application Development ◽  
Software Application ◽  
Development Organization ◽  
Security Issues ◽  
Development Framework ◽  
Development Lifecycle ◽  
Software Development Lifecycle ◽  
The Right ◽  
Application Developers ◽  
Best Fit

Software application development must include implementation of core functionality along with secure coding to contain security vulnerabilities of applications. Considering the life cycle that a software application undergoes, application developers have many opportunities to include security starting from the very first stage of planning or requirement gathering. However, before even starting requirement gathering, the software application development team must select a framework to use for the application’s lifecycle. Based on the application and organizational characteristics, software application developers must select the best-fit framework for the lifecycle. A software application’s functionality and security start with picking the right lifecycle framework.When it comes to application development frameworks, one size does not fit all. Based on the characteristics of the application development organization such as the number of application developers involved, project budget and criticality, and the number of teams, one of the five frameworks will work better than others.Keywords: Software development lifecycle, software functionality, software security, application development, framework security

scholarly journals Security Issues of Web Services of Large Scale Distributed Database

2021 ◽  
pp. 373-379
Author(s):  
Dr. Manish Jivtode
Keyword(s):  
Cloud Computing ◽  
Distributed Computing ◽  
Web Services ◽  
Large Scale ◽  
Distributed Database ◽  
Distributed Environment ◽  
Distributed Application ◽  
Application Security ◽  
Security Issues ◽  
Open Platform

Cloud computing is viewed as one of the most promising technologies in computing today. This is a new concept of large scale distributed computing. It provides an open platform for every user on the pay-per-use basis. Cloud computing provides number of interfaces and APIs to interact with the services provided to the users. With the development of web services distributed application, Security of data is another important subject in various layers of distributed computing. In this study, security of data that can be used during the access of distributed environment over various layers will be described.

scholarly journals Digital Auditing: A Technique to Ensure Security

2020 ◽  
pp. 371-379
Author(s):  
Nidhi Dandotiya ◽  
Pallavi Khatri ◽  
Abhinandan Singh Dandotiya
Keyword(s):  
Personal Computer ◽  
System Security ◽  
Automated Systems ◽  
Application Security ◽  
Security Issues ◽  
Security Audits

Security is one of the ever-rising provinces in about every field of society and computers are no freak. The system on the network can be attacked if it is easy to break its security or it is vulnerable. Security issues that exist in connection to a machine on network are system security and application security. For ensuring security of personal computer regular security audits of the system needs to be done. One main objective of auditing is to ensure that systems are safe or not. Digital auditing can be manual or automated. Systems audit leads to check that the vulnerability of system to different attacks that can be done on it. Similarly, a website running on the system can also be exploited for any vulnerability in it. This work investigates the methods of system and application auditing to identify the weakness at system and application level.

Taxonomy of Login Attacks in Web Applications and Their Security Techniques Using Behavioral Biometrics

2020 ◽  
pp. 122-139
Author(s):  
Rizwan Ur Rahman ◽  
Deepak Singh Tomar
Keyword(s):  
Web Application ◽  
Initial Phase ◽  
Web Applications ◽  
Application Development ◽  
Web Application Security ◽  
Application Security ◽  
Security Issues ◽  
Large Numbers ◽  
Web Application Development ◽  
The Web

Research into web application security is still in its initial phase. In spite of enhancements in web application development, large numbers of security issues remain unresolved. Login attacks are the most malevolent threats to the web application. Authentication is the method of confirming the stated identity of a user. Conventional authentication systems suffer from a weakness that can compromise the defense of the system. An example of such vulnerabilities is login attack. An attacker may exploit a pre-saved password or an authentication credential to log into web applications. An added problem with current authentication systems is that the authentication process is done only at the start of a session. Once the user is authenticated in the web application, the user's identity is assumed to remain the same during the lifetime of the session. This chapter examines the level login attacks that could be a threat to websites. The chapter provides a review of vulnerabilities, threats of login attacks associated with websites, and effective measures to counter them.

scholarly journals Se-LMS: Secured learning management systems for smart school

2021 ◽  
Vol 7 (1) ◽  
pp. 36-46
Author(s):  
Olorunjube James Falana ◽  
◽  
Ife Olalekan Ebo ◽  
Ifeanyi Shadrach Odom ◽  
◽  
...  
Keyword(s):  
Identity Management ◽  
Denial Of Service ◽  
Learning Management Systems ◽  
Management Systems ◽  
Software Application ◽  
Denial Of Service Attack ◽  
Security Issues ◽  
Service Attack ◽  
E Learning ◽  
Learning Management

One of the research topics that focus on Information Communication Technology in Education is Learning Management System (LMS). LMS is a web-based software application developed to create, manage, and delivered e-learning courses. Many research works have been conducted on different learning options in LMS. However, the increased use of LMS has brought with it the security issues such as the denial of service attack, malware and privacy. In order to protect the different actors of LMS such as students, instructors and controlling authorities, this paper proposes a multi-factor authentication and identity management for securing LMS. Se-LMS is capable of dynamically authenticating users using different methods such as a seamless combination of Oauth2.0 and 2FA or Username/Password and 2FA as proposed. Also, the paper explains the situation and existing research relating to security in Learning Management Systems in smart school. The proposed framework has been applied to cloud-based LMS to show the ability to mitigate an attack.

Building Secure Software Using XP

2012 ◽  
pp. 161-175
Author(s):  
Walid Al-Ahmad
Keyword(s):  
Software Development ◽  
Early Stage ◽  
Security Design ◽  
Security Measures ◽  
Security Vulnerabilities ◽  
Application Security ◽  
Security Issues ◽  
Secure Software ◽  
Process Methodology ◽  
Software Development Methodologies

Security is an important and challenging aspect that needs to be considered at an early stage during software development. Traditional software development methodologies do not deal with security issues and so there is no structured guidance for security design and development; security is usually an afterthought activity. This paper discusses the integration of XP with security activities based on the CLASP (Comprehensive Lightweight Application Security Process) methodology. This integration will help developers using XP develop secure software by applying security measures in all phases and activities, thereby minimizing the security vulnerabilities exploited by attackers.

Security Issues of Firewall

2017 ◽  
Vol 7 (7) ◽  
pp. 455
Author(s):  
A R. Pon Periyasamy
Keyword(s):  
Network Security ◽  
Review Paper ◽  
Computer Network ◽  
Transportation Network ◽  
End User ◽  
Software Application ◽  
Security Issues ◽  
Security Software ◽  
Entry Points ◽  
Distributed Firewall

The need of Network Security is accelerating at the same pace as that of increased Internet usage. Network Security prevents from illegitimate admittance, hacking andauthentic data transportation. Network Security consist of provisions and policies adopted by a network administrator to preclude and monitor unauthorized access, alterations, perversion, declination of a computer network and network-accessible resources. Network Security is achieved by Firewall. Firewall is a   hardware or software device which is designed to permit or refuse network transmissions based upon certain protocols. Firewall is a locus at the endpoints of the system which strains out all illegitimate traffic and users. But conventional or traditional firewalls rely stricly on the restricted topology and restrained entry points to function; which results in difficulty in filtering certain protocols, end-to-end encryption problem etc. Hence, it resulted in the evolution of Distributed Firewall which strengthens the network security policies without delimitating its topology from inside or outside. Distributed Firewall is a host-resident security software application that protects the enterprise network’s servers and end-user machines against unwanted intrusion. This paper is a literature review paper focusing on traditional firewalls, it evolution, security issues various policies and the concept of distributed firewall.

scholarly journals Rapid, robust plasmid verification by de novo assembly of short sequencing reads

2020 ◽  
Vol 48 (18) ◽  
pp. e106-e106 ◽  
Author(s):  
Jenna E Gallegos ◽  
Mark F Rogers ◽  
Charlotte A Cialek ◽  
Jean Peccoud
Keyword(s):  
Quality Control ◽  
Synthetic Biology ◽  
De Novo Assembly ◽  
Life Science ◽  
De Novo ◽  
Science Research ◽  
Application Security ◽  
Security Issues ◽  
Control Step ◽  
Basic And Applied Research

Abstract Plasmids are a foundational tool for basic and applied research across all subfields of biology. Increasingly, researchers in synthetic biology are relying on and developing massive libraries of plasmids as vectors for directed evolution, combinatorial gene circuit tests, and for CRISPR multiplexing. Verification of plasmid sequences following synthesis is a crucial quality control step that creates a bottleneck in plasmid fabrication workflows. Crucially, researchers often elect to forego the cumbersome verification step, potentially leading to reproducibility and—depending on the application—security issues. In order to facilitate plasmid verification to improve the quality and reproducibility of life science research, we developed a fast, simple, and open source pipeline for assembly and verification of plasmid sequences from Illumina reads. We demonstrate that our pipeline, which relies on de novo assembly, can also be used to detect contaminating sequences in plasmid samples. In addition to presenting our pipeline, we discuss the role for verification and quality control in the increasingly complex life science workflows ushered in by synthetic biology.

Sign in / Sign up

Export Citation Format

Share Document