Journal articles on the topic 'Security of web applications'

Consult the top 50 journal articles for your research on the topic 'Security of web applications.'

1

Wu, Raymond, and Masayuki Hisada. "SOA Web Security and Applications." Journal of Object Technology 9, no. 2 (2010): 163. http://dx.doi.org/10.5381/jot.2010.9.2.a4.

2

Erşahin, Buket, and Mustafa Erşahin. "Web application security." South Florida Journal of Development 3, no. 4 (2022): 4194–203. http://dx.doi.org/10.46932/sfjdv3n4-002.

Abstract:
This study aims to show how security flaws of web applications can threaten information security. Web Application Security is a branch of Information Security which focuses on web application level security flaws and their solutions. Evolution of Web continues with a big momentum. Amount of information shared over Web increases every day, various business domains continue to integrate their operations to digital world. This brings its own risks and makes Information Security of Web Applications more important than ever. Most common and serious Web vulnerabilities have been analyzed along with their solutions. This study focuses on how web developers can already prevent security problems during the development life cycle. What are the best practices to follow before/during the development and post-development phases? Which security tools can be used to support developers? Building totally secure web applications is not an easy job. Following security standards and development cycles with security concerns can already prevent most of the potential problems. A security checklist for web developers came out at the end of the study. Evolving web technologies and new security threats force us to keep this checklist up to date. We are working on a mechanism which will keep this checklist up to date.
3

Jalgasbaevna, Perdebaeva Inabat. "Identifying and Mitigating Security Vulnerabilities in Web Applications." American Journal of Applied Science and Technology 5, no. 5 (2025): 10–11. https://doi.org/10.37547/ajast/volume05issue05-03.

Abstract:
As web applications continue to play a critical role in modern digital infrastructure, their security has become a major concern. This article explores the most common types of security vulnerabilities in web applications, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and broken authentication. It further outlines various techniques for identifying and mitigating these vulnerabilities, such as input validation, secure coding practices, use of security headers, and implementation of secure authentication mechanisms. The paper also emphasizes the importance of adopting a secure software development lifecycle (SSDLC), updating third-party components, and fostering security awareness among developers. By applying a combination of proactive strategies, organizations can effectively reduce risks, protect sensitive data, and maintain the integrity of their web-based services.
4

Pankaj, Choudhary, Aaseri Rajendra, and Roberts Nirmal. "HTTPI BASED WEB SERVICE SECURITY OVER SOAP." International Journal of Network Security & Its Applications (IJNSA) 5, no. 3 (2013): 55–66. https://doi.org/10.5281/zenodo.4278394.

Abstract:
Nowadays, a new family of web applications, 'open applications', are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification) like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required. In our paper, we introduce a web service security model based on HTTPI protocol over SOAP and develop a preliminary implementation of this model. We also analyze the performance of our approach through an experiment and show that our proposed approach provides higher throughput, lower average response time and lower response size than HTTPS based web service security approach.
5

Shah, Sarthak. "Fortifying Data Security." International Journal of Applied and Advanced Multidisciplinary Research 1, no. 3 (2023): 221–28. http://dx.doi.org/10.59890/ijaamr.v1i3.679.

Abstract:
This paper delves into the crucial aspects of authentication and authorization in modern web applications with a focus on enhancing data security. It explores the use of Node.js, a versatile server-side language, for building web applications and discusses the significance of a secure website for establishing trust between clients and servers. The research covers the implementation of authentication using packages and hashing algorithms, emphasizing the importance of "salt" and "pepper" for password security. Authorization methods, including cookies, sessions, and middleware, are also explored. The paper highlights the necessity of robust security measures to safeguard user data from the dark web and points to future directions in web security, including the role of blockchain and artificial intelligence in the WEB3 landscape.
6

Alrawais, Layla Mohammed, Mamdouh Alenezi, and Mohammad Akour. "Security Testing Framework for Web Applications." International Journal of Software Innovation 6, no. 3 (2018): 93–117. http://dx.doi.org/10.4018/ijsi.2018070107.

Abstract:
The growth of web-based applications has increased tremendously from last two decades. While these applications bring huge benefits to society, yet they suffer from various security threats. Although there exist various techniques to ensure the security of web applications, still a large number of applications suffer from a wide variety of attacks and result in financial losses. In this article, a security-testing framework for web applications is proposed with an argument that security of an application should be tested at every stage of software development life cycle (SDLC). Security testing is initiated from the requirement engineering phase using a keyword-analysis phase. The output of the first phase serves as input to the next phase. Different case study applications indicate that the framework assists in early detection of security threats and applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a less false-positive rate.
7

Morgan, David. "Network security and custom Web applications." Network Security 2004, no. 4 (2004): 15–17. http://dx.doi.org/10.1016/s1353-4858(04)00068-6.

8

Joshi, James B. D., Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford. "Security models for web-based applications." Communications of the ACM 44, no. 2 (2001): 38–44. http://dx.doi.org/10.1145/359205.359224.

9

Ayyarrappan, Mariappan. "Optimizing Cloud Security for Web Applications." Journal of Artificial Intelligence, Machine Learning and Data Science 1, no. 3 (2023): 2520–22. https://doi.org/10.51219/jaimld/mariappan-ayyarrappan/539.

10

Alzahrani, Abdulrahman, Ali Alqazzaz, Nabil Almashfi, Huirong Fu, and Ye Zhu. "Web Application Security Tools Analysis." Studies in Media and Communication 5, no. 2 (2017): 118. http://dx.doi.org/10.11114/smc.v5i2.2663.

Abstract:
Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications’ complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Fingerprinting, Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, SQL Injection, and HTTP Splitting. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications’ users and administrators aiming to educate them.
11

Wulandari, Kusuma Herdanu, Alayham Abbas Helmi Rabab, and Syamsudin Mariana. "Integration biometrics in web application: Security for web apps." International Research Journal of Science, Technology, Education, and Management 3, no. 2 (2023): 103–16. https://doi.org/10.5281/zenodo.8139747.

Abstract:
To evaluate the effectiveness of biometric security systems, an information theoretic framework is constructed. First, two performance metrics privacy, determined by the biometric measurements' normalized equivocation rate, and security, determined by the biometric measurements' key generation rate are specified. Then, it is decided that there is a fundamental tradeoff between these two measurements. First, we investigate the case where a potential attacker has no side knowledge. For this situation, the privacy-security region which defines the tradeoff mentioned above is derived. In perfect privacy biometric security systems, common knowledge among random variables plays a significant role. The case where the adversary possesses side knowledge is then considered. In this scenario, the privacy-security tradeoff has inner and outside bounds. Client-server and locally installable apps, which are getting older, have lost a considerable amount of market share to web applications. It is now possible because of some special benefits that web applications provide. They can function just as well as locally installed software and are accessible through web browsers without the need for installation or upkeep. Due to the lack of resources required by enterprises to administer them locally, web applications have gained popularity more swiftly. Now that new technologies, standards, and APIs have been developed, it is possible to employ more information security safeguards. The following sections of this article go into greater detail about web apps, web-based biometrics, and the integration of biometric authentication in web applications.
12

Kamil, Mustofa. "Methodology of Security testing of IKID website and Security Vulnerabilities." ACMIT Proceedings 6, no. 1 (2021): 83–90. http://dx.doi.org/10.33555/acmit.v6i1.101.

Abstract:
Due to the large amount of data stored in web applications and the increasing number of transactions on the web, the right Web Application Security Testing is very important day by day and web application is an important in business life. By increasing complexity of web systems, Security testing has become a very necessary and important activity of the life cycle of developing web applications, web security testing consists of searching for information about the network, application and looking for holes and weakness.
13

Горелик, В. Ю., and Д. С. Скоморохов. "Networked web application security." Informacionno-technologicheskij vestnik, no. 1(23) (March 11, 2020): 104–9. http://dx.doi.org/10.21499/2409-1650-2020-23-1-104-109.

Abstract:
This article discusses the issues of protecting web applications from network threats. Methods for ensuring network security and web application security are analyzed, and the features of their execution and implementation are considered. The process of combining these tools in the design and implementation of a protection system to secure the information environment of enterprises and the web applications they use is described.
14

Rizqi, Muhamad Fahrizal, Rohmat Tulloh, and Nazel Djibran. "Implementasi Web Application Firewall untuk Melindungi Aplikasi Web dari Serangan Malware." Jurnal Informatika Universitas Pamulang 8, no. 2 (2023): 341–48. http://dx.doi.org/10.32493/informatika.v8i2.33691.

Abstract:
At this time Internet services have become a necessity no longer to provide information services, but have become important so there are many cases of websites being hacked by attackers, for that network security is very important to avoid theft of important data. Security in a web application is an important aspect to have. Securing a web application can be done by installing a firewall that is connected directly to the server network. Security for a web application usually uses a web application firewall installed on a web server. To overcome a security problem in Web Applications and minimize losses caused by SQL Injection and XSS attacks, we need a way to overcome these attacks. Several security measures have been used, such as the use of fortiweb to set the traffic destination for a web application. In this study, we will use a Web Application Firewall (WAF) device. Because it can protect Web applications from existing malware attacks and zero day malware. This final project will implement a Web Application Firewall (WAF). By way of device configuration and will use DVWA for malware testing. The technology that will be used to monitor malware logs will use VMware. From the results of testing a web application firewall, it is hoped that it can implement and prevent various malware attacks that attack web applications and can monitor the logs of an attacking malware.
15

Jovicic, Bojan, and Dejan Simic. "Common web application attack types and security using ASP.NET." Computer Science and Information Systems 3, no. 2 (2006): 83–96. http://dx.doi.org/10.2298/csis0602083j.

Abstract:
Web applications security is one of the most daunting tasks today, because of security shift from lower levels of ISO OSI model to application level, and because of current situation in IT environment. ASP.NET offers powerful mechanisms to render these attacks futile, but it requires some knowledge of implementing Web application security. This paper focuses on attacks against Web applications, either to gain direct benefit by collecting private information or to disable target sites. It describes the two most common Web application attacks: SQL Injection and Cross Site Scripting, and is based on author's perennial experience in Web application security. It explains how to use ASP.NET to provide Web applications security. There are some principles of strong Web application security which make up the part of defense mechanisms presented: executing with least privileged account, securing sensitive data (connection string) and proper exception handling (where the new approach is presented using ASP.NET mechanisms for centralized exception logging and presentation). These principles help raise the bar that attacker has to cross and consequently contribute to better security.
16

Erbel, Mateusz, and Piotr Kopniak. "Assessment of the web application security effectiveness against various methods of network attacks." Journal of Computer Sciences Institute 9 (December 30, 2018): 340–44. http://dx.doi.org/10.35784/jcsi.707.

Abstract:
The article discusses the issue of the security of Internet applications. The most popular types of attacks and methods of securing web applications against them are discussed. The study conducted the effectiveness of security of web applications. The research methodology was based on the proprietary application implemented in PHP technology. The result of the research is a proposal of solutions aimed at improving application security.
17

Maniraj, S. P., Chitra Sabapathy Ranganathan, and Satheeshkumar Sekar. "SECURING WEB APPLICATIONS WITH OWASP ZAP FOR COMPREHENSIVE SECURITY TESTING." INTERNATIONAL JOURNAL OF ADVANCES IN SIGNAL AND IMAGE SCIENCES 10, no. 2 (2024): 12–23. https://doi.org/10.29284/ijasis.10.2.2024.12-23.

18

Rahela, Sadaf, and Vijay Kumar Dr. "Security Risks in Web Applications and their Mitigation Techniques." International Journal of Innovative Analyses and Emerging Technology 1, no. 1 (2021): 1–6. https://doi.org/10.5281/zenodo.5094548.

Abstract:
With the advent of modernization in today's world of internet, web application plays a crucial part in all the sectors be it Automobile industry, Food industry, education sector and a most important Banking sector. Since web applications are hosted publicly it is easily accessible due to which Threat actors are targeting websites for stealing critical information and sensitive databases. Although some companies use firewall to protect their company perimeter from external attacks but still most of the attackers are able to bypass the firewall and enter into the web application, the reason being firewall stays in layer 4 of the network layer and most of the attacks happens at layer 7 so internal as well as external protection is required by the developers and the testers to harden the web application by writing a secure code and doing a secure code review. In this paper we will survey the risks pertaining in web application and possible ways to mitigate it.
19

Abdel-Kader, Rabab F., Mona Nashaat, Mohamed I. Habib, and Hani M. K. Mahdi. "Automated server-side model for recognition of security vulnerabilities in scripting languages." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 6 (2020): 6061. http://dx.doi.org/10.11591/ijece.v10i6.pp6061-6070.

Abstract:
With the increase of global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover the security problems in scripting languages. The proposed model is implemented in a prototype SCAT, which is a static code analysis Tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems by offering benefits of securing private data for users and maintaining web application stability for web applications providers.
20

Rabab, F. Abdel-Kader, Nashaat Mona, I. Habib Mohamed, and M. K. Mahdi Hani. "Automated server-side model for recognition of security vulnerabilities in scripting languages." International Journal of Electrical and Computer Engineering (IJECE) 10, no. 6 (2020): 6061–70. https://doi.org/10.11591/ijece.v10i6.pp6061-6070.

Abstract:
With the increase of global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover the security problems in scripting languages. The proposed model is implemented in a prototype SCAT, which is a static code analysis tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems by offering benefits of securing private data for users and maintaining web application stability for web applications providers.
21

Sayan Basak, Mayur Jadhav, Suraj Choudhary, Pranjal Kadam, and Sheetal P. Gawande. "Web Application Security: A Survey." International Research Journal on Advanced Engineering and Management (IRJAEM) 2, no. 08 (2024): 2694–98. http://dx.doi.org/10.47392/irjaem.2024.0390.

Abstract:
Web applications play a crucial role in modern digital interactions by supporting a wide range of online activities, from social networking to e-commerce. However, the widespread use of web applications has also made security flaws visible and important. This article explores the complex topic of web application security, examining common attack paths, their effects, and the need for strong security measures. Phishing, XSS, and SQL Injection are some common web application attacks that provide a serious risk of financial loss, reputational loss, and privacy violations. The study emphasizes the importance of vulnerability discovery and mitigation techniques provided by organizations such as OWASP.
22

Olena, Trofymenko, Dyka Anastasiia, and Loboda Yuliia. "Analysis of vulnerabilities and security problems of web applications." System technologies 3, no. 146 (2023): 25–37. http://dx.doi.org/10.34185/1562-9945-3-146-2023-03.

Abstract:
The article provides a comprehensive analysis of vulnerabilities, methods, tools and problems faced by web application security testing. The analysis of scientific research in the field of web application security testing revealed a significant interest of scientists in finding effective ways to minimize site security risks and vulnerabilities. It was found out that the list of the most common web application vulnerabilities includes: broken access control, cryptographic failures, misconfiguration of security, SQL and other injections, insecure design, identification and authentication errors, etc. Specific features of the security vulnerabilities of web applications are highlighted. The problems faced by automated tools for web security testing are separately considered, namely the development of automated tools for web security testing, the use of RIA (Rich Internet Application) web applications, and the use of insecure cryptographic storage. Web application security risks can be associated with the design phase, the development phase, the deployment phase, and the maintenance phase. It is security testing that is used to identify these risks of the web application, to investigate the vulnerabilities and weak points of the web application. The conducted analysis of security vulnerabilities, methods and problems of testing web applications revealed the presence of different approaches to protect software products. A combination of manual and automated web application security testing techniques is advisable, starting with automated security testing and complementing it with manual penetration testing. A comprehensive approach should integrate testing into all stages of the software development life cycle. Such approach helps to use the most appropriate and effective available methods for the current phase of software product development.
23

Aniyikaiye, Jide, and Emmanuel Udoh. "Web Services Gateway." International Journal of Grid and High Performance Computing 8, no. 1 (2016): 85–92. http://dx.doi.org/10.4018/ijghpc.2016010108.

Abstract:
Cloud computing has many advantages and is being used increasingly as an efficient and safe solution for web based services. This on-demand self-service provides network access to a shared pool of redundant computing resources. Software applications are being developed in the cloud and there are demands for the interoperability of these applications. A common way to meet this demand is the development of Web services (applications), taking advantage of Service-oriented architecture principles. These loosely coupled Web base components pose some security challenges. This paper examines Security as a Service (SECaaS) solutions, as well to propose a new approach to security management in the cloud.
24

Suganya, S., D. Rajthilak, and G. Gomathi. "Multi-Tier Web Security on Web Applications from Sql Attacks." IOSR Journal of Computer Engineering 16, no. 2 (2014): 01–04. http://dx.doi.org/10.9790/0661-16270104.

25

Ayyarrappan, Mariappan. "AI-driven Security Enhancements for Web Applications." International Scientific Journal of Engineering and Management 03, no. 08 (2024): 1–3. https://doi.org/10.55041/isjem01992.

Abstract:
As the sophistication of cyber threats escalates, traditional security measures—firewalls, basic intrusion detection systems, and static rule checks—often struggle to keep pace. Recent advancements in artificial intelligence (AI) provide novel opportunities to fortify web application security. This paper discusses how AI-driven methods, such as machine learning–based anomaly detection, natural language processing (NLP) for threat intelligence, and predictive analytics, can enhance protection against a broad range of attacks (e.g., SQL injection, Cross-Site Scripting). We include diagrams and charts to illustrate conceptual models of AI-based security flows, highlight best practices for data ingestion and feature engineering, and address challenges like false positives and model drift. By adopting AI-driven security enhancements, organizations can proactively respond to evolving threats, reducing exposure and fortifying their web applications. Keywords: AI Security, Web Applications, Intrusion Detection, Machine Learning, Threat Intelligence, Cyber Attacks
26

Kaur, Prabhdeep, and Harkamal Kaur. "Evaluating the Security Flaws in Web Applications." International Journal of Computer Applications 122, no. 5 (2015): 27–29. http://dx.doi.org/10.5120/21697-4806.

27

P. Salini and S. Kanmani. "Security Requirements Engineering Process for Web Applications." Procedia Engineering 38 (2012): 2799–807. http://dx.doi.org/10.1016/j.proeng.2012.06.328.

28

Pooj, Karishma, and Sonali Patil. "Understanding File Upload Security for Web Applications." International Journal of Engineering Trends and Technology 42, no. 7 (2016): 342–47. http://dx.doi.org/10.14445/22315381/ijett-v42p261.

29

Neto, Afonso Araújo, and Marco Vieira. "Selecting Secure Web Applications Using Trustworthiness Benchmarking." International Journal of Dependable and Trustworthy Information Systems 2, no. 2 (2011): 1–16. http://dx.doi.org/10.4018/jdtis.2011040101.

Abstract:
The multiplicity of existing software and component alternatives for web applications, especially in open source communities, has boosted interest in suitable benchmarks, able to assist in the selection of candidate solutions, concerning several quality attributes. However, the huge success of performance and dependability benchmarking contrasts the small advances in security benchmarking. Traditional vulnerability/attack detection techniques can hardly be used alone to benchmark security, as security depends on hidden vulnerabilities and subtle properties of the system and its environment. A comprehensive security benchmarking process should consist of a two-step process: elimination of flawed alternatives followed by trustworthiness benchmarking. In this paper, the authors propose a trustworthiness benchmark based on the systematic collection of evidences that can be used to select one among several web applications, from a security point-of-view. They evaluate this benchmark approach by comparing its results with an evaluation conducted by a group of security experts and programmers. Results show that the proposed benchmark provides security rankings similar to those provided by human experts. In fact, although experts may take days to gather the information and rank the alternative web applications, the benchmark consistently provides similar results in a matter of few minutes.
30

Rutvi, Pradipkumar Adhyaru. "TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY." International Journal of Information Sciences and Techniques (IJIST) 6, no. 2 (2018): 45–52. https://doi.org/10.5281/zenodo.1217221.

Abstract:
The web is absolutely necessary part of our lives. It is wide platform which is used for information sharing and service over internet. They are used for the financial, government, healthcare, education and many critical services. Every day billions of users purchase items, transfer money, retrieve information and communicate over web with each other. Although the web is best friend of users because it provide anytime anywhere access to information and services at the same time. All things are created by human in the world so it's reality that the things created by man are little bit problematic. So web applications are also created by human so it contains too many loopholes. The popularity of applications allure hackers towards them. Nowadays securing and maintaining the websites against attack is very hard and challenging task. Finding loopholes in Web application, Computer system or network and exploiting them is called hacking. New approaches for web attacks are invented day to day so the study of detect and prevent against web application attack and finding solution is important part in internet world. In this paper we introduced all web application based attack including two major attacks like XSS (Cross Site Scripting) and SQLI
31

Rutvi, Pradipkumar Adhyaru. "TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY." International Journal of Information Sciences and Techniques (IJIST) 6, no. 1/2 (2016): 45–52. https://doi.org/10.5281/zenodo.7388573.

Abstract:
The web is absolutely necessary part of our lives. It is wide platform which is used for information sharing and service over internet. They are used for the financial, government, healthcare, education and many critical services. Everyday billions of user purchase items, transfer money, retrieve information and communicate over web with each other. Although the web is best friend of users because it provide anytime anywhere access to information and services at the same time. All things are created by human in the world so its reality that the things created by man are little bit problematic. So web applications are also created by human so it contains too many loopholes. The popularity of applications allure hackers towards them. Now a Days Securing and maintaining the websites against attack is very hard and challenging task. Finding loopholes in Web application, Computer system or network and exploiting them called hacking. New approaches for web attacks are invented day to day so the study of detect and prevent against web application attack and finding solution is important part in internet world. In this paper we introduced all web application based attack including two major attacks like XSS (Cross Site Scripting) and SQLI.
32

Andrian, Rian, and Ahmad Fauzi. "Security Scanner For Web Applications Case Study: Learning Management System." Jurnal Online Informatika 4, no. 2 (2020): 63. http://dx.doi.org/10.15575/join.v4i2.394.

Abstract:
In software engineering, web applications are software that are accessed using a web browser through a network such as the Internet or intranet. Web applications are applications that can be relied on by users to do many useful activities. Despite the awareness of web application developers about safe programming practices, there are still many aspect in web applications that can be exploited by attacker. The development of web applications and the Internet causes the movement of information systems to use them as a basis. Security is needed to protect the contents of web applications that are sensitive and provide a safe process of sending data, therefore application security must be applied to all infrastructure that supports web applications, including the web application itself. Most organizations today have some kind of web application security program or try to build/ improve. But most of these programs do not get the results expected for the organization, are not durable or are not able to provide value continuously and efficiently and also cannot improve the mindset of developers to build/ design secure web applications. This research aims to develop a web application security scanner that can help overcome security problems in web applications.
33

Chakradhar, Avinash Devarapalli. "Strategies to Secure Web Applications: Protecting Frontend from Common Vulnerabilities." Journal of Scientific and Engineering Research 6, no. 4 (2019): 201–5. https://doi.org/10.5281/zenodo.11211691.

Abstract:
The major portion of the internet is distributed on web-based systems. The network is huge as most businesses working online are dependent on their websites. The increased usage of web applications leads to malicious activities due to their potential in terms of different advantages. The security of the system is directly linked to the reputation of the company and the protection of user’s data. This is why there is a need to equip the system with strong security to protect it from cybercrimes. However, the security solution is not straightforward and needs to consider different aspects while securing a system from common vulnerabilities. There are certain challenges associated with the integration of security measures with the system. Therefore, some useful strategies are presented in this research document to make the stakeholders more confident with their web applications. Above all, the system must be updated with the latest security measures to avoid being attacked with the latest methods. It is a never-ending process and organizations must figure out the methods to manage their resources accordingly to meet the security needs of the applications.
34

Al-Ahmad, Ahmad, Belal Abu Ata, and Abdullah Wahbeh. "Pen Testing for Web Applications." International Journal of Information Technology and Web Engineering 7, no. 3 (2012): 1–13. http://dx.doi.org/10.4018/jitwe.2012070101.

Abstract:
As many Web applications are developed daily and used extensively, it becomes important for developers and testers to improve these application securities. Pen testing is a technique that helps these developers and testers to ensure that the security levels of their Web application are at acceptable level to be used safely. Different tools are available for Pen testing Web applications; in this paper the authors compared six Pen testing tools for Web applications. The main goal of these tests is to check whether there are any security vulnerabilities in Web applications. A list of faults injected into set of Web pages is used in order to check if tools can find them as they are claimed. Test results showed that these tools are not efficient and developers should not depend solely on them.
35

Hall, Calum, Lynsay Shepherd, and Natalie Coull. "BlackWatch: Increasing Attack Awareness within Web Applications." Future Internet 11, no. 2 (2019): 44. http://dx.doi.org/10.3390/fi11020044.

Abstract:
Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. While prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behavior from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyzes suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behavior. This approach avoids issues typically encountered with traditional web application firewalls. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user-friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.
36

Dwivedi, Aarushi. "Vulnerability Scanning Technology on Web Applications." International Journal for Research in Applied Science and Engineering Technology 9, no. VI (2021): 991–95. http://dx.doi.org/10.22214/ijraset.2021.35135.

Abstract:
Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.
37

Keerthika, T., A. Adithyan, S. Balaji, and Mukulraj J Lunia. "Remote Code Execution in Web Applications." International Journal of Engineering & Technology 7, no. 4.19 (2018): 384–87. http://dx.doi.org/10.14419/ijet.v7i4.19.22098.

Abstract:
Despite having dedicated applications for different operating system, web application is the most common interface accessed by all the devices. Web application security is an indispensable factor in today’s cyber world. Because of the robust resource available on Internet regarding web development, anyone today can develop a website even with zero coding skills. More than developing a perfect website, maintaining the security has become the prime goal today. Huge data breach in companies resulted due to a small security loophole in their website. Even a minor Cross Site Scripting (XSS) bug may lead to the whole server compromise depending upon the attacker who knows how to convert a simple bug into a disaster. Remote Code Execution (RCE) is one of the critical vulnerability that arises due to the unsafe handling of inputs by the server application. This vulnerability arises under various conditions that include but not limited to unsafe deserialization, XML External Entity attack, Server Side Request Forgery and Server Side Template Injection.
38

Harrison Oke Ekpobimi, Regina Coelis Kandekere, and Adebamigbe Alex Fasanmade. "Front-end development and cybersecurity: A conceptual approach to building secure web applications." Computer Science & IT Research Journal 5, no. 9 (2024): 2154–68. http://dx.doi.org/10.51594/csitrj.v5i9.1556.

Abstract:
The growing importance of cybersecurity in the digital age necessitates a comprehensive approach to securing web applications, particularly through robust front-end development practices. This review paper proposes a conceptual framework for integrating security best practices into front-end development to mitigate common vulnerabilities such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The framework emphasizes key components: threat modeling, secure coding practices, security automation, integration into Continuous Integration/Continuous Deployment (CI/CD) pipelines, and continuous monitoring. By embedding security into every stage of the development process, the framework enhances the security of web applications. It aligns with U.S. national interests in bolstering cybersecurity. The paper also discusses the implications of secure front-end development for national cybersecurity, highlighting the framework's potential to reduce the attack surface of critical web applications significantly. Recommendations are provided for policymakers and industry leaders to promote adopting secure front-end practices, ensuring a resilient digital infrastructure. Keywords: Secure Front-End Development, Cybersecurity, Web Application Security, Threat Modeling, Security Automation, National Cybersecurity.
39

x, Pooja. "Enhancing Data Security in JavaScript Web Applications Using SQL Encryption Techniques." International Journal of Science and Research (IJSR) 13, no. 10 (2024): 586–91. http://dx.doi.org/10.21275/sr241007123824.

40

Kumar, Shivam, Raval Mahesh, Nrip Nripesh, and Sinha Achalesh. "A research study on Web Application Security." International Journal of Multidisciplinary Research Transactions 4, no. 6 (2022): 93–104. https://doi.org/10.5281/zenodo.6633934.

Abstract:
This research basically centers on the point of website/web application security. The prime agenda of this research is to verify that how much government websites are protected that is how they are handling the user’s data as a part of providing such facility over the data inputted by the user. Vulnerability of websites is a very important aspect on which we are not focusing yet. Might have a security escape clause in it. The world is exceedingly reliant on the Internet. Nowadays, web application security is one of the biggest challenges in this world. It is considered as the principal framework for the worldwide data society. Web applications are prone to security attacks. Web security is securing a web application layer from attacks by unauthorized users. A lot of the issues that occur over a web application is mainly due to the improper input provided by the client. This paper discusses the different aspects of web security and its weakness. The main elements of web application security techniques such as the password, encryption-decryption, authentication and integrity are also discussed in this paper. The anatomy of a web application attack and the attack methodologies are also covered in this paper. This paper explores a number of methods for shielding this class of threats and assesses why they have not been proven more successful. This paper introduces a better and prospect way for minimizing these type of web vulnerabilities. It also provides the best security mechanisms for the defined attacks.
41

P.Salini and S.Kanmani. "IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY." International Journal on Web Service Computing (IJWSC) 3, no. 3 (2012): 95–107. https://doi.org/10.5281/zenodo.4405033.

Abstract:
The Security Engineering discipline has become more and more important in the recent years. Security requirements engineering is essential to assure the Quality of the resulting software. An increasing part of the communication and sharing of information in our society utilize Web Applications. Last two years have seen a significant surge in the amount of Web Application specific vulnerabilities that are disclosed to the public because of the importance of Security Requirements Engineering for Web based systems and as it is still underestimated. Integration of Web and object technologies offer a foundation for expanding the Web to a new generation of applications. In this paper, we outline our proposed Model- Oriented Security Requirement Engineering (MOSRE) Framework for Web Applications. By applying Object-Oriented technologies and modeling to Security Requirement phase. So the completeness, consistency, traceability and reusability of Security Requirements can be cost effectively improved. We implemented our MOSRE Framework for E-Voting Application and set of Security Requirements are identified.
42

P.Salini and S.Kanmani. "IMPLEMENTATION OF MOSRE FRAMEWORK FOR A WEB APPLICATION - A CASE STUDY." International Journal on Web Service Computing (IJWSC) 3, no. 3 (2012): 95–107. https://doi.org/10.5281/zenodo.3549284.

Abstract:
The Security Engineering discipline has become more and more important in the recent years. Security requirements engineering is essential to assure the Quality of the resulting software. An increasing part of the communication and sharing of information in our society utilize Web Applications. Last two years have seen a significant surge in the amount of Web Application specific vulnerabilities that are disclosed to the public because of the importance of Security Requirements Engineering for Web based systems and as it is still underestimated. Integration of Web and object technologies offer a foundation for expanding the Web to a new generation of applications. In this paper, we outline our proposed Model- Oriented Security Requirement Engineering (MOSRE) Framework for Web Applications. By applying Object-Oriented technologies and modeling to Security Requirement phase. So the completeness, consistency, traceability and reusability of Security Requirements can be cost effectively improved. We implemented our MOSRE Framework for E-Voting Application and set of Security Requirements are identified.
43

Gupta, Ishaan, ira ., Aditya Gusain, Kusum Mahajan, Faisal Rais, and Rekha Chaudhary. "DATA SECURITY AND DATA BREACHES." International Journal of Engineering Applied Sciences and Technology 8, no. 2 (2023): 174–77. http://dx.doi.org/10.33564/ijeast.2023.v08i02.025.

Abstract:
This research paper focuses on the topic of data security and data breaches specifically in web applications. As more businesses and organizations move their operations online, web applications have become a prime target for cyber attacks. This paper examines common vulnerabilities in web applications such as SQL injection, cross-site scripting, and insecure session management and how they can be exploited to gain unauthorized access to sensitive data. Venmo, a popular peer-to-peer mobile payment app, has faced several data breaches in recent years, raising concerns about the safety of user information. This research paper will also examine the causes and consequences of these data breaches and discusses best practices for secure web application development.
44

Dr., AMMAR ALDALLAL, and KASHIF SHABBIR Dr. "Protecting Web Applications from Cross-Site Scripting Attacks." JOURNAL OF APPLIED ENGINEERING RESEARCH 2017, no. 03 (2017): 18. https://doi.org/10.5281/zenodo.849089.

Abstract:
Existence of cross-site scripting (XSS) vulnerability can be traced back to 1995 during early days of Internet penetration. JavaScript, a programming language developed by Netscape, came into being around the same time. The noble intention of this programming language was for designing web applications to be more interactive. However, cyber criminals also learned how to trick users to load malicious scripts into websites, thus allowing them to access confidential data or compromise services. The enormity of such attacks promoted some organizations to engage in monitoring of XSS attacks and researching on new ways to defeat attacks that are similar to XSS worm on MySpace.com social networking site in 2005. The primary focus in this paper is to try to avoid execution of XSS attacks by providing proper validations and methods to clean the user input from any script tags. XSS attacks can be minimized by proper handling of user input in a web application, which means that’s validating the input provided by the user and stripping it of any of harmful code or tags.
45

Shah, Sarthak, and Anuja Phapale. "Fortifying Data Security: Node.js Authentication, Authorization, and the Dark Web Influence in Modern Web Apps." Fortifying Data Security: Node.js Authentication, Authorization, and the Dark Web Influence in Modern Web Apps 1, Vol. 1 No. 3 (2023): November 2023 (2024): 8. https://doi.org/10.59890/ijaamr.v1i3.679.

Abstract:
This paper delves into the crucial aspects of authentication and authorization in modern web applications with a focus on enhancing data security. It explores the use of Node.js, a versatile server-side language, for building web applications and discusses the significance of a secure website for establishing trust between clients and servers. The research covers the implementation of authentication using packages and hashing algorithms, emphasizing the importance of "salt" and "pepper" for password security. Authorization methods, including cookies, sessions, and middleware, are also explored. The paper highlights the necessity of robust security measures to safeguard user data from the dark web and points to future directions in web security, including the role of blockchain and artificial intelligence in the WEB3 landscape.
46

Sadritdinova, Dinora A'zamjon qizi. "WEB APPLICATIONS AND THEIR TYPES." Multidisciplinary Journal of Science and Technology 5, no. 3 (2025): 155–59. https://doi.org/10.5281/zenodo.14995607.

Abstract:
Web applications have become an essential part of modern digital infrastructure, revolutionizing the way businesses, individuals, and organizations operate. Unlike traditional desktop applications, web applications run on web browsers, making them highly accessible and platform-independent. This paper provides an in-depth analysis of web applications, their types, underlying technologies, and the significance of web-based solutions in different industries. Furthermore, the research highlights security concerns, performance optimization techniques, and the latest advancements in web application development.
47

Rida, Abderrahim, and Ayoub Ait Lahcen. "Towards DevSecOps Model for Multi-tier Web Applications." ITM Web of Conferences 69 (2024): 04018. https://doi.org/10.1051/itmconf/20246904018.

Abstract:
Development, Security and Operations (DevSecOps) as part of Continuous Deployment (CD) or Continuous Delivery (CD) are considered a reliable link for communication and collaboration between development, security and operations teams. The philosophy of DevSecOps is defined as the ability to push new releases into production quickly and securely. We assume that DevSecOps brings new challenges, which primarily have a strong impact on decisions and organizational responsibilities within a company. We claim that PHP is the most commonly used back-end programming language for native applications, frameworks-based applications and content management system that implement this language. In addition, multi-tier architecture is one of the main architectures used by many software or web applications. Thereby, there is a significant and necessarily need to understand how DevSecOps on multi-tier PHP web applications could impact delivery accuracy. The goal of this work is to develop a DevSecOps pipeline model for multi-tier web applications that implement PHP.
48

Mohammed, Awad, Ali Muhammed, Takruri Maen, and Ismail Shereen. "Security vulnerabilities related to web-based data." TELKOMNIKA Telecommunication, Computing, Electronics and Control 17, no. 2 (2019): 852–56. https://doi.org/10.12928/TELKOMNIKA.v17i2.10484.

Abstract:
In this digital era, organizations and industries are moving towards replacing websites with web applications for many obvious reasons. With this transition towards web-based applications, organizations and industries find themselves surrounded by several threats and vulnerabilities. One of the largest concerns is keeping their infrastructure safe from attacks and misuse. Web security entails applying a set of procedures and practices, by applying several security principles at various layers to protect web servers, web users, and their surrounding environment. In this paper, we will discuss several attacks that may affect web-based applications namely: SQL injection attacks, cookie poisoning, cross-site scripting, and buffer overflow. Additionally, we will discuss detection and prevention methods from such attacks.
49

Sethi, IPS, Sanjay Kumar Sinha, Neeta Chauhan, and Deepti Khanduja. "Secure Web Application: Rudimentary perspective." Journal of Engineering Education Transformations 36, S1 (2022): 185–90. http://dx.doi.org/10.16920/jeet/2022/v36is1/22190.

Abstract:
WWW, one of the most pervasive technologies for information and service delivery over Internet with a potential to revise and preserve the web applications without dispensing and installing software on doubtlessly millions of client computers. As the web applications are increasingly used for crucial services, they have become a prominent and relevant target for any security outbreak. Software security is a methodology which guards against the malicious attacks and security failures along with an aim to increase system reliability. The prime objective of software security is to gain knowledge about the vulnerabilities in a system and foresee attacker’s motive and perception. This paper reviews the existing techniques of web application security, with the aim of standardizing them into a bigger picture to enable the future research areas. The scrutiny of a web application attack and the attack techniques are also enclosed in details. Lastly the parameters to provide a secure hosting surrounding to the applications are indexed. The paper summarizes the security of web application in a holistic manner and provides a range of ways to ensure that it’s as secure as it can be, as well as forever improving. Keywords: Security, OWASP, SDLC, SQL Injection, Web Application Firewall
50

Alawsi, Wasan A., Hadab Khalid Obayes, and Saba M. Hussain. "A Novel Image Encryption Approach for IoT Applications." Webology 19, no. 1 (2022): 1593–606. http://dx.doi.org/10.14704/web/v19i1/web19107.

Abstract:
The rapid developments observed in the field of Internet of Things (IoT), along with the recently increasing dependence on this technology in home and financial applications, have made it necessary to pay attention to the security of information sent through these IoT applications. The present article proposes a new encryption method for important messages that are sent via IoT applications. The proposed method provides four levels of security for the confidential message (in this case, an image). The first level is represented by applying the Conformal Mapping on the secret image. The second level is represented by encoding the resulting image from the first level using the encryption and decryption (RSA) method, while the third level is the use of Less Significant Bit (LSB) as the hiding method to hide the message inside the cover image. The compression of the stego image using GZIP is the last level of security. The peak signal-to-noise (PNSR) metric was used to measure the quality of the resulting image after the steganography process. The results appear promising and acceptable. Therefore, it is suggested that this method can be applied to send secret messages through applications of special importance across the IoT.