Enhancement of Web Security Against External Attack

The security of web-based services is currently playing a vital role for the software industry. In recent years, many technologies and standards have emerged in order to handle the security issues related to web services. This paper shows techniques to enhance the security of web services, and some of the recent challenges and recommendations of a proposed model to secure web services. It shows the security process of a real life web application, which includes; HTML5 forms, login security, and a single signon solution. This paper also aim to discuss the ten (10) most common web security vulnerabilities and how to prevent the web application from three (3) of the vulnerabilities. Amongst them are; SQL Injection, Cross Site Scripting and Broken Authentication, and Session Management.

Download Full-text

Web Security Aware by using Naive Baye’s ML Technique

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.d1325.029420 ◽

2020 ◽

Vol 9 (4) ◽

pp. 3222-3230

Keyword(s):

Web Applications ◽

Web Security ◽

Experimental Result ◽

Machine Learning Technique ◽

Security Vulnerabilities ◽

Sql Injection ◽

Security Issues ◽

Extensive Evaluation ◽

Learning Technique ◽

Input Validation

Web applications support many of our daily activities, but they often have security issues, and their accessibility makes them easy to use. This paper presents an analysis for finding vulnerabilities that directly address weak or absent of input validation. We present the techniques for finding security vulnerabilities in Web applications. We implement our proposed system with a machine learning technique (ML technique) to measure the accuracy and provide an extensive evaluation that finds all vulnerabilities in web applications. SQL injection, Cross-Site Scripting (XSS), HTTP and command inj1ection vulnerabilities are addressed in the proposed system and also Naive Bayes ML technique is used to calculate the accurateness. The experimental result shows the technique is more efficient and accurate.

Download Full-text

Experiential Learning of Networking Technologies: Understanding Web Security

10.34048/2018.2.f4 ◽

2018 ◽

Author(s):

Ram P. Rustagi ◽

Viraj Kumar

Keyword(s):

Experiential Learning ◽

Web Security ◽

Web Based ◽

Security Issues ◽

Hands On ◽

Networking Technologies

With the rapid increase in the volume of e-commerce, the security of web-based transactions is of increasing concern. A widespread but dangerously incorrect belief among web users is that all security issues are taken care of when a website uses HTTPS (secure HTTP). While HTTPS does provide security, websites are often developed and deployed in ways that make them and their users vulnerable to hackers. In this article we explore some of these vulnerabilities. We first introduce the key ideas and then provide several experiential learning exercises so that readers can understand the challenges and possible solutions to them in a hands-on manner.

Download Full-text

A Study on Comparison of Network Location Efficiency of Web Application Firewall

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i3.33.21009 ◽

2018 ◽

Vol 7 (3.33) ◽

pp. 183

Author(s):

Sung-Ho Cho ◽

Sung-Uk Choi ◽

. .

Keyword(s):

Web Services ◽

Web Application ◽

Large Scale ◽

Service Providers ◽

Web Security ◽

Small Scale ◽

Internet Service ◽

Large Scale Networks ◽

The Web ◽

Line Type

This paper proposes a method to optimize the performance of web application firewalls according to their positions in large scale networks. Since ports for web services are always open and vulnerable in security, the introduction of web application firewalls is essential. Methods to configure web application firewalls in existing networks are largely divided into two types. There is an in-line type where a web application firewall is located between the network and the web server to be protected. This is mostly used in small scale single networks and is vulnerable to the physical obstruction of web application firewalls. The port redirection type configured with the help of peripheral network equipment such as routers or L4 switches can maintain web services even when physical obstruction of the web application firewall occurs and is suitable for large scale networks where several web services are mixed. In this study, port redirection type web application firewalls were configured in large-scale networks and there was a problem in that the performance of routers was degraded due to the IP-based VLAN when a policy was set for the ports on the routers for web security. In order to solve this problem, only those agencies and enterprises that provide web services of networks were separated and in-line type web application firewalls were configured for them. Internet service providers (ISPs) or central line-concentration agencies can apply the foregoing to configure systems for web security for unit small enterprises or small scale agencies at low costs.

Download Full-text

Design and Development of an e-Platform for Supporting Liquid Food Supply Chain Monitoring and Traceability

Information Technologies, Methods, and Techniques of Supply Chain Management ◽

10.4018/978-1-4666-0918-1.ch017 ◽

2012 ◽

pp. 290-310

Author(s):

Dimitris Folinas ◽

Ioannis Manikas

Keyword(s):

Supply Chain ◽

Reference Model ◽

Raw Materials ◽

Real Life ◽

Web Based ◽

Efficient Operation ◽

Traceability System ◽

Proposed Model ◽

Production And Distribution ◽

Liquid Products

In this paper, the deliverables of a research project are presented, which aims at the development of a web-based platform capable of supporting the traceability of liquid products like milk, wine and olive oil. First, it includes the design of a supply chain reference model and the identification of the data required for the efficient operation of the traceability system. The main elements of the proposed model defined in this paper are the entities, stages, events, and processes. The reference model consists of three distinct phases that represent stages of real-life supply chains. Each of these phases is defined by certain interactions between the above basic elements. Additionally, the proposed e-platform is based on the above reference model aiming to follow and register the production and distribution processes of the raw materials, semi-finals, and final products that are used in the examined industry.

Download Full-text

An Overview Over the Open Source Resources for Web Applications Security

Revista Eixos Tech ◽

10.18406/2359-1269v3n1201653 ◽

2017 ◽

Vol 3 (1) ◽

Author(s):

Emerson Assis Carvalho ◽

Fernanda Ramos de Carvalho ◽

Lucyara Silva Ribeiro ◽

Germano Estevam Simão Pereira ◽

Túlio César Lopes Alves

Keyword(s):

Open Source ◽

Web Application ◽

Web Applications ◽

Web Security ◽

Security Vulnerabilities ◽

Web Application Security ◽

Application Security ◽

Complete Report

This work presents a web application security overview, presenting its main concepts and areas, the open source resources available, the most com- mon web security vulnerabilities and how to prevent them. We also have used some open source web application security scanners to test the security of a simple web application. We have used more than one scanner, aiming to have a complete report over the vulnerabilities and to make a comparison between them. We have used a web application previously developed without any concern about security. Our reports were on the vulnerabilities found and how much was easy or not to interpret and fix them.

Download Full-text

Security Issues in Web Services

Handbook of Research on Network Forensics and Analysis Techniques - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-4100-4.ch004 ◽

2018 ◽

pp. 57-64

Author(s):

Priyanka Dixit

Keyword(s):

Web Application ◽

Web Applications ◽

Future Research ◽

The Internet ◽

Web Application Security ◽

Web Based ◽

Security Issues ◽

Digital World ◽

Important Region ◽

The Web

This chapter describes how security is an important aspect in today's digital world. Every day technology grows with new advancements in various areas, especially in the development of web-based applications. All most all of the web applications are on the internet, hence there is a large probability of attacks on those applications and threads. This makes security necessary while developing any web application. Lots of techniques have been developed for mitigating and defending against threats to the web based applications over the internet. This chapter overviews the important region of web application security, by sequencing the current strategies into a major picture to further the future research and advancement. Firstly, this chapter explains the major problem and obstacles that makes efforts unsuccessful for developing secure web applications. Next, this chapter distinguishes three basic security properties that a web application should possess: validation, integrity, accuracy and portray the comparing vulnerabilities that damage these properties alongside the assault vectors that contain these vulnerabilities.

Download Full-text

A Review on Enhancing the Security of Database using SQL Injection

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v7i8.43 ◽

2017 ◽

Vol 7 (8) ◽

pp. 151

Author(s):

Isha Shingari

Keyword(s):

Web Application ◽

Web Applications ◽

Denial Of Service ◽

Vital Role ◽

Malicious Code ◽

Security Threat ◽

Service Network ◽

Sql Injection ◽

Web Application Security ◽

User Friendly

In one way or other we all are connected with internet. All web applications are dependent on the internet. Now a day’s web applications play a vital role in everybody’s life. Exponential growth could be observed in many user friendly web applications. Thousands of transactions are done daily through these applications, 80% out of which are vulnerable to malicious attacks according to the survey by the Open Web Application Security Projects (OWSAP) .SQL injections is the highest security threat for web applications .SQL injection is a mechanism for inserting a malicious code in user code. Results in adding or modifying data, leak of confidential information, bypass authentication, performing denial of service, network hacking , table structure, and deleting the database .In this paper we have discussed the various aspects of SQL injection.

Download Full-text

Research on Security Architecture Based on Web Service System

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.687-691.1716 ◽

2014 ◽

Vol 687-691 ◽

pp. 1716-1719 ◽

Cited By ~ 1

Author(s):

Yao Qin Liu

Keyword(s):

Web Services ◽

Web Service ◽

Web Application ◽

Computer Hardware ◽

Security Threats ◽

Loose Coupling ◽

Security Issues ◽

Buffer Overflows ◽

Platform Independence ◽

Xml Web

Web service is a distributed Web application model, with platform independence, openness, loose coupling and other features. These features bring convenience to application integration, which also faces many security issues, mainly for computer hardware, applications, buffer overflows, message transmission process and other security threats. XML Web services architecture strengthen the security threats defense through digital signatures, encryption, and a series of measures of WS-Security by the sender, the receiver, the key server and assertion server which consist of SOAP security with characteristics like integrity, confidentiality, etc., effectively guaranteeing the safe operation of the Web services architecture.

Download Full-text

Neutralizing SQL Injection Attack on Web Application Using Server Side Code Modification

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit1952339 ◽

2019 ◽

pp. 158-173

Author(s):

Sarjiyus O. ◽

El-Yakub M. B.

Keyword(s):

Web Application ◽

Web Applications ◽

Web Security ◽

Security Threat ◽

Sql Injection ◽

Server Side ◽

Injection Attacks ◽

Sql Injection Attack ◽

Sql Injection Attacks ◽

Code Modification

SQL Injection attacks pose a very serious security threat to Web applications and web servers. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive and important information these databases contain. This research, “Neutralizing SQL Injection attack on web application using server side code modification” proposes a method for boosting web security by detecting SQL Injection attacks on web applications by modification on the server code so as to minimize vulnerability and mitigate fraudulent and malicious activities. This method has been implemented on a simple website with a database to register users with an admin that has control privileges. The server used is a local server and the server code was written with PHP as the back end. The front end was designed using MySQL. PHP server side scripting language was used to modify codes. ‘PDO prepare’ a tool to prepare parameters to be executed. The proposed method proved to be efficient in the context of its ability to prevent all types of SQL injection attacks. Acunetix was used to test the vulnerability of the code, and the code was implemented on a simple website with a simple database. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. Unlike most approaches, the proposed method is quite simple to implement yet highly effective. The results obtained are promising with a high accuracy rate for detection of SQL injection attack.

Download Full-text

Penerapan Sistem Keamanan Web Menggunakan Metode Web Aplication Firewall

JURNAL AMPLIFIER : JURNAL ILMIAH BIDANG TEKNIK ELEKTRO DAN KOMPUTER ◽

10.33369/jamplifier.v11i1.16683 ◽

2021 ◽

Vol 11 (1) ◽

pp. 37-42

Author(s):

Riska Riska ◽

Hendri Alamsyah

Keyword(s):

Web Application ◽

Web Security ◽

Security System ◽

Error Message ◽

Sql Injection ◽

Rule Based ◽

Public Network ◽

The Right ◽

Cross Site ◽

The Web

The application of a security system on the web needs to be done considering that the web itself can be accessed through a public network. In this study, a Web Application Firewall (WAF)-based security system will be implemented using modsecurity, in which the purpose of implementing this web security system is to understand the concept of a security system on the web and pay attention to the results before the application of the firewall and after the application of the firewall on the web. This research uses experimental research methods, in this study the implementation of a web application firewall (WAF) using modsecurity as a web security system is carried out, then an analysis is carried out to get the right recommendations for a firewall as a web security system. The results of this study indicate that a firewall using the modSecurity module and rule based on the Web Application Firewall (WAF) on a web security system can block SQL Injection, Cross Site Scripting (XSS), and Command Execution by displaying an error message to the user who performs the command.

Download Full-text