Enhancement of Web Security Against External Attack

The security of web-based services currently plays a vital role in the software industry. In recent years, many technologies and standards have emerged to handle the security issues related to web services. This paper presents techniques to enhance the security of web services, along with some of the recent challenges and the recommendations of a proposed model to secure web services. It shows the security process of a real-life web application, which includes HTML5 forms, login security, and a single sign-on solution. This paper also aims to discuss the ten (10) most common web security vulnerabilities and how to protect the web application from three (3) of them: SQL Injection, Cross-Site Scripting, and Broken Authentication and Session Management.
