Research Article | Open Access
Volume 72 | Issue 7 | Year 2024 | Article Id. IJETT-V72I7P130 | DOI : https://doi.org/10.14445/22315381/IJETT-V72I7P130
Enhancing Security to Prevent Vulnerabilities in Web Applications
Shekhar Disawal, Ugrasen Suman
Received | Revised | Accepted | Published |
---|---|---|---|
06 Mar 2024 | 06 Jun 2024 | 14 Jun 2024 | 26 Jul 2024 |
Citation:
Shekhar Disawal, Ugrasen Suman, "Enhancing Security to Prevent Vulnerabilities in Web Applications," International Journal of Engineering Trends and Technology (IJETT), vol. 72, no. 7, pp. 278-283, 2024. Crossref, https://doi.org/10.14445/22315381/IJETT-V72I7P130
Abstract
The security of web applications remains a critical concern amid escalating cyber threats and vulnerabilities. This paper presents findings from an experimental study in which five websites were scanned with a penetration-testing scanner. The experiment assessed the vulnerabilities present in these web applications and identified potential security gaps. The prevalence of findings such as SQL injection, cookies set without the HttpOnly flag, and inadequate Content-Security-Policy headers underscores the need for proactive measures to enhance web application security. Drawing on the results of the experiment, a Quality Enhancement Model for Secured Web Applications (QEMSWA) is proposed. The model integrates best practices and proactive strategies to strengthen the security posture of web applications, addressing key areas such as asset identification, secure coding practices, code review, and effective vulnerability analysis. As a recommendation model, it is intended to help organizations mitigate risk and safeguard their web applications against emerging threats, and through it this study contributes to ongoing efforts to establish a more resilient and secure digital environment.
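The three finding types the abstract names (SQL injection, a Set-Cookie header without HttpOnly, and a permissive or absent Content-Security-Policy) can be reproduced with small, self-contained checks. The Python below is an added example and is not the paper's scanner, its data, or any part of QEMSWA; the two HTTP responses and the sqlite `users` table are constructed here for the demonstration. It audits a raw response for cookie and CSP weaknesses, then shows the same login query built by string concatenation and with bound parameters so the injection is visible end to end.

```python
"""Illustrative checks for three finding types named in the abstract:
SQL injection, Set-Cookie without HttpOnly, and a weak or missing
Content-Security-Policy. Added example code, not the paper's scanner."""
import sqlite3

# Constructed sample responses (not captured from the paper's five sites).
RESPONSE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Content-Security-Policy: default-src *; script-src * 'unsafe-inline'\r\n"
    "\r\n<html></html>"
)
RESPONSE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'\r\n"
    "\r\n<html></html>"
)


def parse_headers(raw):
    """Return [(lowercased-name, value), ...] from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_headers(raw):
    """Flag cookies lacking HttpOnly/Secure and a missing or permissive CSP."""
    findings = []
    headers = parse_headers(raw)
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split(";")[0].split("=")[0].strip()
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:          # readable by script -> XSS can steal it
                findings.append(f"cookie {cookie}: missing HttpOnly")
            if "secure" not in attrs:            # sent over plain HTTP
                findings.append(f"cookie {cookie}: missing Secure")
    csp = [v for n, v in headers if n == "content-security-policy"]
    if not csp:
        findings.append("CSP: header missing")
        return findings
    directives = {}
    for directive in csp[0].split(";"):
        parts = directive.split()
        if parts:
            directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
    # script-src falls back to default-src when absent, as browsers do.
    script = directives.get("script-src", directives.get("default-src", []))
    if not script:
        findings.append("CSP: no script-src or default-src")
    if "*" in script:
        findings.append("CSP: wildcard source in script-src")
    if "'unsafe-inline'" in script:
        findings.append("CSP: 'unsafe-inline' in script-src")
    return findings


def make_db():
    """In-memory table with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


def login_vulnerable(conn, user, pw):
    # String concatenation: attacker input becomes SQL syntax.
    q = f"SELECT COUNT(*) FROM users WHERE name = '{user}' AND pw = '{pw}'"
    return conn.execute(q).fetchone()[0] > 0


def login_parameterized(conn, user, pw):
    # Bound parameters: input stays data; quote characters never reach the parser.
    q = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return conn.execute(q, (user, pw)).fetchone()[0] > 0


if __name__ == "__main__":
    for label, resp in (("weak", RESPONSE_WEAK), ("hardened", RESPONSE_HARDENED)):
        print(label, audit_headers(resp))
    db = make_db()
    payload = "' OR '1'='1"                      # classic tautology injection
    print("vulnerable login bypassed:", login_vulnerable(db, "alice", payload))
    print("parameterized login bypassed:", login_parameterized(db, "alice", payload))
```

The CSP check is deliberately narrow: it only inspects the directive that governs script execution, which is where `*` and `'unsafe-inline'` matter most for cross-site scripting; a production audit would also cover `object-src`, `base-uri` and nonce or hash usage.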
Keywords
Web service, Web security, Vulnerability, Quality of security.