Enhancing Security to Prevent Vulnerabilities in Web Applications

© 2024 by IJETT Journal
Volume-72 Issue-7
Year of Publication : 2024
Author : Shekhar Disawal, Ugrasen Suman
DOI : 10.14445/22315381/IJETT-V72I7P130

How to Cite?

Shekhar Disawal, Ugrasen Suman, "Enhancing Security to Prevent Vulnerabilities in Web Applications," International Journal of Engineering Trends and Technology, vol. 72, no. 7, pp. 278-283, 2024. Crossref, https://doi.org/10.14445/22315381/IJETT-V72I7P130

Abstract
The security of web applications remains a critical concern amid escalating cyber threats and vulnerabilities. This paper presents findings from an experimental study of five websites conducted with a penetration-testing scanning tool. The experiment aimed to assess the vulnerabilities present in these web applications and to identify potential security gaps. The prevalence of vulnerabilities such as SQL injection, a missing HttpOnly cookie flag, and an inadequate Content-Security-Policy underscores the urgent need for proactive measures to strengthen web application security. Building on the insights gained from the experiment, the paper proposes a Quality Enhancement Model for Secured Web Applications (QEMSWA). This model integrates best practices and proactive strategies to strengthen the security posture of web applications, addressing key areas such as asset identification, secure coding practices, code review, and effective vulnerability analysis. Through this recommendation model, the research seeks to help organizations mitigate risks and safeguard their web applications against emerging threats, and thereby contributes to ongoing efforts to establish a more resilient and secure digital environment.

Keywords
Web service, Web security, Vulnerability, Quality of security.
