Keamanan Aplikasi Web Melalui Penerapan Cross Site Request Forgery (CSRF) (Web Application Security Through the Implementation of Cross-Site Request Forgery (CSRF))

2016 ◽  
Vol 1 (2) ◽  
pp. 46-62
Author(s):  
Taufik Ramadan Firdaus

Currently the Internet has become a medium that cannot be separated from daily life, together with the wide variety of applications delivered over it. As technology develops, reliance on web applications also increases. However, web applications face a wide range of threats, one of which is CSRF (Cross-Site Request Forgery). This study uses CSRF (Cross-Site Request Forgery) Protection. CSRF (Cross-Site Request Forgery) Protection is a treatment method that can be applied in a variety of ways, one of which stores a token in the session when the user logs in. The token generated at login is used as a user identifier so that the web application can determine where a request originated. The results of this study are expected to increase the defenses of web applications against CSRF (Cross-Site Request Forgery), so that web application users can feel safe using the Internet and its various features, the level of attacks on web applications is reduced, and visitor traffic on the web application can increase.

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe

Web-based applications have become very prevalent due to the ubiquity of web browsers for delivering service-oriented applications on demand to diverse clients over the Internet, and cross-site scripting (XSS) is a foremost security risk that has continuously ravaged web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and the results showed that most of the available detection and avoidance solutions for XSS attacks are located on the client end rather than the server end because of the peculiar nature of web application vulnerability, and they also lack support for a self-learning ability that would allow them to detect new XSS attacks. Few researchers cited in this paper incorporated a self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approaches; a lot of improvement is still needed to effectively and efficiently handle the web application security menace, as recommended.


Author(s):  
J. Vijaya Sagar Reddy ◽  
G. Ramesh

Web applications are the most widely used software on the Internet. When a web application is developed and deployed in the real environment, it is very severe if any bug is found by an attacker, a customer, or the owner of the web application. It is very important to do proper pre-release testing. It is very costly if proper testing of a web application is not done at the development location and a bug is found at the customer location. For web application testing, existing systems such as DART, CUTE and EXE are available. These tools generate test cases by executing the web application on concrete user inputs. They are best suited to testing static web sites and are not suitable for dynamic web applications. The existing systems need user inputs for generating the test cases, and it is very difficult for a human being to provide dynamic inputs for all the possible cases. This paper presents algorithms, an implementation, and an experimental evaluation that revealed HTML failures, execution failures, and include failures in PHP web applications.


Organizational web servers reflect the public image of an organization and serve web pages/information to organizational clients via web browsers using the HTTP protocol. Some web server software may host web applications that enable users to perform high-level tasks, such as querying a database and delivering the output through the web server to the client browser as an HTML file. Hackers always try to exploit the different vulnerabilities or flaws existing in web servers and web applications, which can pose a big threat to an organization. This chapter explains the importance of protecting web servers and applications along with the different tools used for analyzing the security of web servers and web applications. The chapter also introduces the different web attacks that are carried out by an attacker either to gain illegal access to web server data or to reduce the availability of web services. The web server attacks include denial of service (DoS) attacks, buffer overflow exploits, website defacement with SQL injection (SQLi) attacks, cross-site scripting (XSS) attacks, remote file inclusion (RFI) attacks, directory traversal attacks, phishing attacks, brute force attacks, source code disclosure attacks, session hijacking, parameter/form tampering, man-in-the-middle (MITM) attacks, HTTP response splitting attacks, cross-site request forgery (XSRF), lightweight directory access protocol (LDAP) attacks, and hidden field manipulation attacks. The chapter explains different web server and web application testing tools and vulnerability scanners including Nikto, Burp Suite, Paros, IBM AppScan, Fortify, Acunetix, and ZAP. Finally, the chapter also discusses countermeasures to be implemented while designing any web application for an organization in order to reduce the risk.


Author(s):  
Pankaj Kamthan

The Internet, particularly the Web, has opened new vistas for businesses. The ability to reach anyone, using (virtually) any device, anytime and anywhere presents a tremendous commercial prospect. In retrospect, the fact that almost anyone can set up a Web Application claiming to offer products and services raises the question of credibility from a consumer's viewpoint. If not addressed, there is a potential for lost consumer confidence, thus significantly reducing the advantages and opportunities the Web as a medium offers. Establishing credibility is essential for an organization's reputation (Gibson, 2002) and for building consumers' trust (Kamthan, 1999). The rest of the article is organized as follows. We first provide the motivational background necessary for the later discussion. This is followed by the introduction of a framework within which different types of credibility in the context of Web Applications can be systematically addressed and thereby improved. Next, challenges and directions for future research are outlined. Finally, concluding remarks are given.


2021 ◽  
Vol 17 (2) ◽  
pp. 58-65
Author(s):  
Iman Khazal ◽  
Mohammed Hussain

Cross-Site Scripting (XSS) is one of the most common and dangerous attacks. The user is the target of an XSS attack, but the attacker reaches the user by exploiting an XSS vulnerability in a web application as a bridge. There are three types of XSS attacks: Reflected, Stored, and DOM-based. This paper focuses on the Stored-XSS attack, which is the most dangerous of the three. In Stored-XSS, the attacker injects a malicious script into the web application, which saves it in the website repository. The method proposed in this paper is intended to detect and prevent Stored-XSS. The Prevent Stored-XSS Server (PSS) was proposed as a server to test and sanitize the input to web applications before it is saved in the database. Any user input must be checked to see whether it contains a malicious script, and if so, the input must be sanitized and the sanitized version saved in the database instead of the harmful input. The PSS was tested using a vulnerable open-source web application and succeeded in detection by identifying the harmful script within the input, and in prevention by sanitizing the input, with an average time of 0.3 seconds.


Author(s):  
Priyanka Dixit

This chapter describes how security is an important aspect of today's digital world. Every day technology grows with new advancements in various areas, especially in the development of web-based applications. Almost all web applications are on the Internet, hence there is a large probability of attacks and threats against those applications. This makes security necessary while developing any web application. Many techniques have been developed for mitigating and defending against threats to web-based applications over the Internet. This chapter overviews the important area of web application security by arranging the current strategies into a bigger picture to further future research and advancement. Firstly, this chapter explains the major problems and obstacles that make efforts to develop secure web applications unsuccessful. Next, this chapter distinguishes three basic security properties that a web application should possess (validation, integrity, accuracy) and portrays the corresponding vulnerabilities that damage these properties alongside the attack vectors that exploit these vulnerabilities.


Author(s):  
Ganeshkumar S ◽  
Elango Govindaraju

End-to-end encryption of connections over the Internet has evolved from SSL to TLS 1.3 over the years. Attacks have exposed vulnerabilities in each upgraded version of the cryptographic protocols used to secure connections over the Internet. Organisations have to keep updating their web-based applications to use the latest cryptographic protocol to ensure users are protected and feel comfortable using their web applications. But the problem is that web applications are not always standalone systems; there is usually a maze of systems that are integrated to provide services to the end user. The interactions between these systems happen within the controlled internal private network environment of the organisation, while only the front-end web application is visible to the end user. It is often not feasible to upgrade all internal systems to use the latest cryptographic protocol for internal interfaces/integration due to the prohibitive cost of redevelopment and upgrades to infrastructure and systems. Here we define an algorithm to set up internal and external firewalls to downgrade to a lower version of the cryptographic protocol (SSL) within the internal network for the integration/interfacing connections of internal systems, while mandating the latest cryptographic protocol (TLS 1.x) for end user connections to the web application.


Heritage ◽  
2021 ◽  
Vol 4 (2) ◽  
pp. 710-724
Author(s):  
Bruno Fanini ◽  
Daniele Ferdani ◽  
Emanuel Demetrescu

Today, Web3D technologies and the rise of new standards, combined with faster browsers and better hardware integration, allow the creation of engaging and interactive web applications that target the field of cultural heritage. Functional, accessible, and expressive approaches to discovering the past starting from the present (or vice versa) are generally a strong requirement. Cultural heritage artifacts, decorated walls, etc. can be considered palimpsests with a stratification of different actions over time (modifications, restorations, or even reconstruction of the original artifact). The details of such an articulated cultural record can be difficult to distinguish and communicate visually, while entire archaeological sites often exhibit profound changes in shape and function due to human activities over time. The web offers an incredible opportunity to present and communicate enriched 3D content using common web browsers, although it raises additional challenges. We present an interactive 4D technique called "Temporal Lensing", which is suitable for online multi-temporal virtual environments and offers an expressive, accessible, and effective way to locally peek into the past (or into the future) by targeting interactive Web3D applications, including those leveraging recent standards such as WebXR (immersive VR on the web). This technique extends previous approaches and presents different contributions, including (1) a volumetric, temporal, and interactive lens approach; (2) complete decoupling of the involved 3D representations from the runtime perspective; (3) a wide range of applications in terms of size (from small artifacts to entire archaeological sites); (4) cross-device scalability of the interaction model (mobile devices, multi-touch screens, kiosks, and immersive VR); and (5) simplicity of use. We implemented and developed the described technique on top of an open-source framework for interactive 3D presentation of CH content on the web. We show and discuss applications and results related to three case studies, as well as integrations of the temporal lensing with different input interfaces for dynamically interacting with its parameters. We also assessed the technique within a public event where a remote web application was deployed on tablets and smartphones, without any installation required by visitors. We discuss the implications of temporal lensing, its scalability from small to large virtual contexts, and its versatility for a wide range of interactive 3D applications.


Author(s):  
Sami Chaudhary ◽  
Olli Rantala

MTT Economic Research monitors the economy and financial development of agricultural and horticultural enterprises and reindeer farms on the basis of farm-level accountancy data. Around 1000 enterprises from all over Finland voluntarily participate in the profitability bookkeeping, providing their bookkeeping data to be used as research and statistical material. During the long history since 1912, and especially in recent decades, the data system has gone through many technical changes, from manual systems to desktop adb-systems and finally to an Internet-based web application. The system development work has also produced many significant innovations. The data of farms has been recorded since 1998 using the dedicated bookkeeping program martti, which is a Windows-based desktop application. We are now in the process of deploying the existing application as a web application so that the data can be stored online over the Internet. Recent PowerBuilder versions allow deploying existing PowerBuilder desktop applications as web applications after making the required changes in the application code. PowerBuilder uses the .NET infrastructure to generate the ASP.NET web application. By taking advantage of this feature of PowerBuilder, we have deployed our desktop application martti as a web application. The web application consists of a three-tier architecture: the front end with the client browser, PowerBuilder components on the Internet Information Services (IIS) server, and the back-end database to store the data. Web applications have several advantages over traditional client-server applications relating to, e.g., installation, application maintenance, dynamic settings and management. Simple PowerBuilder applications work on the Internet after deployment without problems; however, complex applications may not work smoothly on the Internet. Because of the complex architecture of the martti application, there are also some challenges and limitations in deploying and using it as a web application.


Author(s):  
Raed Waheed Kadhim ◽  
Methaq Talib Gaata

Cross-site scripting (XSS) is today one of the biggest threats that can target a web application. Based on a study published by the Open Web Application Security Project (OWASP), the XSS vulnerability has been present among the Top 10 web application vulnerabilities. Still, an important security-related issue remains: how to effectively protect web applications from XSS attacks. In the first part of this paper, a method for detecting XSS attacks was proposed by combining a convolutional neural network (CNN) with long short-term memory (LSTM). Initially, pre-processing was applied to the XSS data set by decoding, generalization and tokenization, and then word2vec was applied to convert the words in XSS payloads into word vectors. We then use the combination of CNN and LSTM to train and test on the word vectors to produce a model that can be used in a web application. Based on the obtained results, it is observed that the proposed model achieved an excellent result with an accuracy of 99.4%.