Defending Against Modern Threats in Web Applications

Author(s):  
Mohit Kumar ◽  
Abhishek Gupta ◽  
Azhar Shadab ◽  
Lokesh Kumar ◽  
Vikas Kumar Tiwari

Web applications have become a critical part of business. They hold a treasure trove of data behind their front ends. Nowadays attackers are well aware of the valuable information accessible through web applications, so website security has become a major problem today. The number of vulnerabilities has multiplied in recent years. Vulnerabilities like cross-site scripting (XSS), SQL injection and cross-site request forgery (CSRF) have emerged as a major threat to web applications. So, in order to protect web applications from these modern threats, at first a vulnerability assessment should be carried out from time to time, and also some preventive techniques should be followed to prevent these threats. The motivation of this paper is to promote the use of automated tools for vulnerability assessment and to follow preventive techniques in order to make web applications secure.

2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha

Web applications or websites are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The information stored by web applications is often confidential and, if obtained by malicious attackers, its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aim at web application database vulnerabilities. They can allow malicious attackers to manipulate the web server database, which can cause data loss, information theft, and data inconsistency. Therefore, this research proposes the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set, which can help administrators secure their web servers. OWASP operates by blocking IP addresses that try to break the security rules, monitoring network traffic and preventing suspicious network requests from outside.


2021 ◽  
Vol 6 (3) ◽  
pp. 131
Author(s):  
Erick Irawadi Alwi ◽  
Lutfi Budi Ilmawan

The use of academic information systems (siakad) has become mandatory for universities in providing user convenience in online academic administrative activities. However, sometimes a college siakad has security holes that irresponsible people can take advantage of by hacking. This study aims to identify security vulnerabilities at XYZ University's siakad. The method used in this study is a vulnerability assessment method. A university siakad will undergo an initial vulnerability assessment by doing footprinting to get information related to the XYZ siakad; after that a vulnerability scan is carried out using vulnerability assessment tools to identify vulnerabilities and the level of risk found. Based on the vulnerabilities found at XYZ University, the result is quite good, with a high risk level of 1, a medium risk level of 6 and a low risk level of 14. The researchers provide recommendations for improvements related to the security holes found in the XYZ University siakad against XSS (Cross Site Scripting) attacks, Clickjacking, Brute Force, Cross-site Request Forgery (CSRF) and Sniffing.


2016 ◽  
Vol 1 (2) ◽  
pp. 46-62
Author(s):  
Taufik Ramadan Firdaus

Currently the Internet has become one of the media that cannot be separated from daily life, along with the wide variety of applications it supplies. As technology develops, reliance on web applications also increases. However, web applications face a wide range of threats, one of which is CSRF (Cross-Site Request Forgery). This study uses CSRF (Cross-Site Request Forgery) Protection. CSRF (Cross-Site Request Forgery) Protection is a treatment method that has a variety of forms, one of which uses a token in the session when the user logs in. The token generated at login will be used as a user id that the web application system uses to identify where the request originated. The results of this study are expected to increase web application defenses against CSRF (Cross-Site Request Forgery), so that web application users will be able to feel safe in using the Internet and its various features. A reduced level of attacks on web applications means that visitor traffic on the web application can be increased.


2019 ◽  
Vol 8 (2) ◽  
pp. 1737-1740

In today's lifestyle, web applications have become an essential part. We make use of web applications in most of our day-to-day activities. Hence it has become a big challenge to protect these web applications from hacking. Databases are central to modern websites as they provide the storage medium for critical information. It may be any company's sensitive information. Henceforth these websites are targeted by malicious users to gain authority. This paper provides the necessary security to websites and blogs to keep them from being attacked and misled. It detects the attack and soon after avoids it by script posting. The application also demonstrates login through SQL injection [16][17] without having the proper required credentials.

Keywords: XSS (Cross site scripting), Detection, Prevention, Web vulnerability.


2020 ◽  
Vol 8 (6) ◽  
pp. 2314-2321

The world relies heavily on the Internet, and every organization uses web applications extensively for information sharing, business purposes such as online sales, money transfer, etc., and exchange services. Nowadays, providing security for web applications is the greatest challenge in the corporate world, because web applications will be the main way of doing daily business, and if the web application is affected, then daily business and reputation will be affected. As many organizations have been using web application services to share or store sensitive information about their clients and assets, web applications are prone to security attacks; new security vulnerabilities have grown in web applications over the last two decades and have become an important target for attackers. So, it is very vital to secure a web application. The vulnerabilities in web applications arise due to security misconfigurations, programming mistakes, improper usage of security measures, etc. So, vulnerability assessment and pen testing will help to figure out the different vulnerabilities present in web applications. Websites are also used to deliver critical services to their customers, so they must run at all times without any interruption; to achieve this, VAPT plays a crucial role. This paper reviews vulnerability assessment and pen testing steps and types, website vulnerabilities like SQL Injection, Cross-Site Scripting, file inclusion, cross-site request forgery, and broken authentication with their types and remediations, and also discusses the effect of these vulnerabilities on a web application.


2014 ◽  
Vol 3 (2) ◽  
pp. 13-21 ◽  
Author(s):  
Bharti Nagpal ◽  
Naresh Chauhan ◽  
Nanhay Singh

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  

Today's contemporary business world has incorporated Web Services and Web Applications into the core of its operating cycle, and security plays a major role in the amalgamation of such services and applications with business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the top ten vulnerabilities nominated by OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of the token through the URL.

