1. Introduction
There have been reports that the rate of web application vulnerability is high, along with reports of the many ways in which attackers compromise web applications. Since it became clear that web applications are the most effective way to deliver content to users, there have been attempts to find ways to break into these systems through defacement, damage and fraud. As the practice of conveying information across the internet continues to gain ground, the number of cases in which these sites are exposed to cyber criminals keeps increasing.
It has also been found that a large number of businesses use web sites to deliver messages to their customers, communicate with them and sell products to them. They may also need to deploy technologies designed to handle the various functions of a web site. Content management systems such as Joomla and Drupal are helpful in building strong web sites with products or services and related content. When businesses want to run blogs, applications such as WordPress, or forums built on phpBB, use content generated by visitors to the site to let customers communicate through comments and discussions. Other web applications such as Magento are frequently used in e-commerce by both large and small businesses that carry out their transactions directly on the web. There are also a number of proprietary applications used by web sites, and this makes the security of web applications a top priority for owners of small sites as well as large ones.
There is also a need to analyze the competence of web application software through an online test development, administration and grading process, which lets a web site run online tests of its web application software so that its functionality and reliability become known. This also involves developing web sites to include more information, such as news and papers, and an interface that allows papers to be added and deleted. It can also be used to learn which competencies exist in a web application, and to show the web site owner's mastery of competencies in the domains of leadership, communication, reasoning and effective problem solving. In information technology (IT), the domains in which competencies may be determined include software, networks, IT management, security and databases.
This paper explains the procedure for using a capstone matrix to determine the competency of a web application and also recommends the precautions needed to ensure that a web application is not hacked into by unauthorized users.
This paper also tries to explain how hack-resilient applications can be built. Such an application meets certain requirements of the capstone matrix by reducing the possibility of attack and ensuring that damage does not occur. It resides on the host server in a network and has been developed using designs and procedures that themselves cannot be hacked. This paper explains that an application must be secured by making sure that input is validated, authentication and authorization are enforced, and sensitive data is protected. Using the capstone competency matrix shows the competency of the application and the likelihood of its being hacked into by unauthorized users. This allows for remedial actions such as securing the network, securing the host and securing the application.
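The four controls named above (validate input, authenticate, authorize, protect sensitive data) are easiest to see as an ordered pipeline in a request handler. The following is an added example written for this page, not code from the paper; the users, tokens, roles and records are constructed sample values, and handle_get_record stands in for an HTTP endpoint.

```python
"""Added example (not from the paper): a request pipeline that applies the four
controls the paper names, in order: validate input, authenticate, authorize,
protect sensitive data. All tokens, roles and records below are constructed."""
import hashlib
import hmac
import re
import secrets

# Constructed user table: tokens are sample values, not real credentials.
USERS = {
    "tok-alice": {"name": "alice", "role": "admin"},
    "tok-bob": {"name": "bob", "role": "customer"},
}

# Constructed records: the "ssn" field stands in for data that must never leave the server.
RECORDS = {
    "42": {"owner": "bob", "order": "2 x widget", "card_last4": "1234", "ssn": "123-45-6789"},
    "7": {"owner": "alice", "order": "1 x gadget", "card_last4": "9876", "ssn": "987-65-4321"},
}

_ID_RE = re.compile(r"^[0-9]{1,9}$")   # allowlist: a record id is digits only
_SENSITIVE_FIELDS = {"ssn"}             # redacted from every response


def validate_record_id(raw):
    """Step 1: validate input against an allowlist; anything else is rejected."""
    return bool(_ID_RE.fullmatch(raw or ""))


def authenticate(token):
    """Step 2: map a bearer token to a user; None means unauthenticated.
    compare_digest keeps the comparison time independent of where bytes differ."""
    for known, user in USERS.items():
        if hmac.compare_digest(known.encode(), (token or "").encode()):
            return user
    return None


def authorize(user, record):
    """Step 3: only the record owner or an admin may read it."""
    return user["role"] == "admin" or record["owner"] == user["name"]


def redact(record):
    """Step 4: strip sensitive fields before data leaves the server."""
    return {k: v for k, v in record.items() if k not in _SENSITIVE_FIELDS}


def handle_get_record(token, raw_id):
    """Run the pipeline in order and return (status, body) like an HTTP handler.
    Cheap syntactic validation runs first, then identity, then permission."""
    if not validate_record_id(raw_id):
        return 400, {"error": "invalid id"}
    user = authenticate(token)
    if user is None:
        return 401, {"error": "authentication required"}
    record = RECORDS.get(raw_id)
    if record is None:
        return 404, {"error": "not found"}
    if not authorize(user, record):
        return 403, {"error": "forbidden"}
    return 200, redact(record)


def hash_password(password, salt=None):
    """Sensitive data at rest: store a salted PBKDF2 hash, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)
```

The ordering is deliberate: malformed ids are rejected before any lookup happens, an unauthenticated caller learns nothing about whether a record exists, and the 403 path only fires for a real, authenticated user asking for someone else's data, which is the event worth logging.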
The results of the capstone matrix are also important in determining the level of security in the three physical tiers, i.e. the web server, the remote application server and the database server. The competence matrix gives information about the security of the host network and the level of application vulnerability, which can be used to structure application arrangements for security purposes.
I. Literature review
As the number of web applications in use increases, so does the number of security risks associated with them. Web application security is currently a concern everywhere, and there is a need to determine how competent a web application is against threats such as hacking and threats to the security of information. There are a number of technical and business applications of web applications.
a. Areas of application of web applications
a) Network and application levels merging
In the early days, vulnerability detection was focused mainly on the network or on the operating system of a hardware component. It involved traditional manual penetration testing as well as automated testing using security tools. The trend has since shifted to scanning for the competency of a network together with the vulnerability of an application. Presently, interest is focused on combining the abilities of network scanners with the tool kits used in the web application security space. The purpose of merging network and application competency analysis is to take the information found at one level and use the same approach to determine the competency of the next level. Another area that has attracted interest in vulnerability testing is network management consoles. Present consoles are geared towards collecting network device data, such as from firewalls, and the focus is on incorporating data from a number of tools such as firewalls. However, integration with patch management methods is unlikely to take place. Consoles do have the ability to attach patch management solutions to data that reports the existence of problems. The challenge is that many web applications are proprietary and are therefore known only to certain customers and departments within a large organization.
b) QA testing and Developer Awareness
In the past, quality assurance teams did not work in partnership with the information security workforce; however, this culture is changing. For instance, Mercury Interactive, a company involved in automated testing tools, proposed partnering with some of the most successful application security testing companies, so as to combine Mercury's testing products with the tools those companies use to determine the vulnerability of applications.
QA testing is also expected to move from basic functional testing to compliance testing, including compliance with certain federal privacy laws. Such tests could also be used to identify web pages that fail to refer to the site's privacy information, or pages that are likely to leak information through form fields. It is also expected that developers will benefit from the wide range of web application vulnerability detection tools currently being developed. The purpose of these detection tools is to track defective or insecure lines of code that might be sources of vulnerabilities, and this is expected to happen during the development process, for example while code is being written. A number of vendors have developed tools that improve code security, even though sales of these tools have so far been low. Furthermore, many of these code scanning tools cannot provide complete awareness of an application and focus only on specific modules of code. This can miss more complex problems, such as those arising between a UI module and a database module, although scanners have been used successfully for that purpose. Integration with bug tracking systems is also expected, so that developers can follow their existing defect tracking process and treat a vulnerability as a simple functional defect in their code.
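The paragraph above makes two points that are worth seeing concretely: a code scanner flags insecure lines, and a scanner that only looks at one module at a time cannot see a problem that spans a UI module and a database module. The following is an added example written for this page, not a tool from the paper or any vendor: a line-level scanner with three constructed rules, and a small cross-module pass that follows user input from a source in one module into a SQL concatenation in another. The module names, rules and sample source are all constructed.

```python
"""Added example (not from the paper): a minimal line-oriented code scanner plus a
cross-module data-flow pass showing what the line scanner alone cannot see.
Rules, module names and sample source are constructed for illustration."""
import re

# Line-level rules: (name, pattern, message). They know nothing about data flow.
RULES = [
    ("sql-concat", re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b[^+]*[\"']\s*\+", re.I),
     "SQL statement built by string concatenation"),
    ("eval-call", re.compile(r"\beval\s*\("), "eval() on runtime data"),
    ("hardcoded-secret", re.compile(r"(password|secret|api_key)\s*=\s*['\"][^'\"]+['\"]", re.I),
     "credential literal in source"),
]

SOURCE_RE = re.compile(r"^\s*(\w+)\s*=\s*request\.")   # var = request.args[...]
CALL_RE = re.compile(r"\b(\w+)\.(\w+)\(\s*(\w+)\s*\)")    # module.func(var)
DEF_RE = re.compile(r"^\s*def\s+(\w+)\(\s*(\w+)\s*\)")    # def func(param)

# Constructed two-module application: a UI module that reads request data and a
# database module that builds a query by concatenation.
SAMPLE_MODULES = {
    "ui": [
        "from flask import request",
        "import db",
        "API_KEY = 'example-not-a-real-key'",
        "def search():",
        "    q = request.args['q']",
        "    return db.find_user(q)",
        "def health():",
        "    label = 'status'",
        "    return db.find_user(label)",
    ],
    "db": [
        "def find_user(name):",
        "    return run(\"SELECT * FROM users WHERE name='\" + name + \"'\")",
        "def count_users():",
        "    return run('SELECT count(*) FROM users')",
    ],
}


def scan_lines(lines, module="<unknown>"):
    """Line scanner: return (module, line_no, rule, message) for every matching line."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for name, pattern, message in RULES:
            if pattern.search(line):
                findings.append((module, no, name, message))
    return findings


def cross_module_taint(modules):
    """Follow request data from a source in one module into a SQL concatenation in
    another. Returns (caller_module, line_no, 'callee.func') for each tainted call."""
    # First pass: which (module, function) concatenates its parameter into SQL?
    risky_params = {}
    for mod, lines in modules.items():
        current = None
        for line in lines:
            if line.lstrip().startswith("def "):
                m = DEF_RE.match(line)
                current = (m.group(1), m.group(2)) if m else None
                continue
            if current and RULES[0][1].search(line) and re.search(r"\+\s*%s\b" % current[1], line):
                risky_params[(mod, current[0])] = current[1]
    # Second pass: a variable assigned from request.* that reaches a risky function.
    hits = []
    for mod, lines in modules.items():
        tainted = set()
        for no, line in enumerate(lines, start=1):
            m = SOURCE_RE.match(line)
            if m:
                tainted.add(m.group(1))
            for callee_mod, func, arg in CALL_RE.findall(line):
                if arg in tainted and (callee_mod, func) in risky_params:
                    hits.append((mod, no, f"{callee_mod}.{func}"))
    return hits


def scan_all(modules):
    """Run the line scanner over every module; the cross-module pass is separate."""
    return [f for mod, lines in modules.items() for f in scan_lines(lines, mod)]
```

Running scan_lines on the db module flags the concatenation in find_user, but it cannot say whether the value concatenated is attacker-controlled, and it reports nothing at all in the ui module's search(), which is where the untrusted data enters. cross_module_taint ties the two together and reports the call in search() while staying silent about health(), which passes a constant; that distinction is the "complete awareness of an application" the paragraph says module-local scanners lack.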
c) Attack detection Sophistication Increases
There have been tremendous improvements in web application vulnerability detection technology. Tools have gone beyond detecting ordinary buffer overflow attacks and now have detection abilities that can be achieved with only a few strings. These tools are mainly geared towards online detection. XSS attack detection methods are currently shifting from the conventional inline string injection method to a multi-faceted attack and detection process that requires state to be persisted. Areas that have not yet been tackled include handling large volumes of data from the web application, and user information that must be stored and referenced accurately without false information. For instance, a number of large financial institutions had problems with cross-frame scripting (XSS), an example of a phishing attack that affects a frame in a web page.
There has also been increasing focus on web services. Despite their slow adoption by the masses, a number of users own sites and web applications that depend on web services and need to know how competent those web services are. For instance, vendors in this area have used simple detection methods such as XML-based detection, and have applied common web competency checks to non-XML applications.
b. Some of the threats and counter measures
This part of the article explains some of the threats likely to be faced at the network, host or application layers. It determines how a web application can be regarded as competent enough to withstand threats that hinder its operation.
When security features have been incorporated into the application design, the implementation is helpful in understanding the manner in which attackers would try to hack into the application.
Designing a secure web application
c. Building secure web applications
d. Assessing your security
II. Rationale and systems Analysis for the Project
In this stage of assessing the competency of web application software, a number of considerations have
been identified. They are explained in this section.
a. Access control
The paper explains that there is a need to determine a criterion for mandatory data access control, to understand the different factors that help in implementing access control, and to come up with a better access control plan. The paper also explains that the access control plan must be implemented and managed in compliance with the principles that govern access control systems, which should be known. It is also important to identify other access control measures such as ID cards, and to gain proper knowledge of the warning banners used when implementing access rules.
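A "criterion for mandatory data access control" is a rule the system enforces from data labels alone, which no user can waive. The following is an added example written for this page, not from the paper: a decision function in the classic no-read-up / no-write-down style, with compartments on top of the level ordering, and a wrapper that combines it with a discretionary decision and records denials for review. The level names, compartments and labels are constructed.

```python
"""Added example (not from the paper): a mandatory access control decision with
ordered sensitivity levels plus compartments. Read is allowed only when the subject's
label dominates the object's; write only when the object's label dominates the
subject's, so high data cannot be copied into a lower-labelled object.
Level names, compartments and sample labels are constructed."""
from dataclasses import dataclass, field

# Constructed level ordering; a higher number is more sensitive.
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """self >= other: at least as high a level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_decision(subject, obj, action):
    """The mandatory criterion. 'read': subject must dominate object (no read up).
    'write': object must dominate subject (no write down)."""
    if action == "read":
        return subject.dominates(obj)
    if action == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown action {action!r}")


def check_access(subject, obj, action, discretionary_ok=True, audit=None):
    """Combine the mandatory decision with a discretionary (ACL) decision.
    Both must allow; an ACL can never override the mandatory rule. Every denial
    is appended to the audit list when one is supplied."""
    allowed = mac_decision(subject, obj, action) and discretionary_ok
    if not allowed and audit is not None:
        audit.append((subject, obj, action))
    return allowed
```

Two consequences are worth noticing: a subject may write to an object labelled above itself (the write goes up, never down), and adding a compartment the subject lacks blocks reading even when the levels are equal, which is what makes compartments useful for separating, say, finance data from HR data at the same sensitivity level.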
b. Social engineering, phishing and identity theft
There is also a need to understand a number of social engineering concepts and their role in insider attacks, and to come up with better practices that can hinder social engineering. There is also a need to develop plans that prevent phishing attacks.
c. Physical security
It has also been found that there is a need to determine the standards, directives, processes and policies that guarantee the physical safety of web application software, and to appreciate the importance of the web application software and the impact it is likely to have.
This paper also indicates that we need to design, apply and manage an organized and coordinated set of physical security measures that ensures the total safety of web application software. We also need to determine objectives that ensure that the personnel in charge of the web applications are also secure, in order to attain the overall objective of making the entire organization secure. There is also a need for a method of determining the physical security level so that corrective measures can be put in place.
d. Risk management
There is a need to determine risks and risk management processes and to understand the level of allowable risk, so that hacking into the web application system stays within a level that cannot harm the web site owner. We also need to identify the resource requirements for risk management, to ensure that the web application is well managed and that the problem of lacking resources is dealt with.
There is also a need to determine a systematic risk measuring process based on consultation with IT experts and on IT risk management processes that comply with standards and procedures, to ensure that organizational goals and objectives are pursued. In order to ensure total avoidance of risks, we need to know the relationship between the incident response group and other groups both within and outside the organization, such as between the legal department and law enforcement agencies, as well as public relations officers.
We also need to identify where risks to our web application system are likely to come from and continuously update our web application security settings. We also need to determine the policies that guide risk management and update risk management programs according to the likelihood of threats in the environment and the goals and objectives of the organization.

 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 

Recently uploaded (20)

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 

web security

1. Introduction

There have been reports that 'there is a high rate of web application vulnerability', as well as a range of ways in which web hackers attack web applications. Since the discovery that web applications convey the best content to users, there have been attempts to determine ways in which these systems can be hacked into through defacing, damage and defrauding. As the culture of conveying information across the internet continues to gain ground, there are increasing cases of these sites being vulnerable to cyber criminals.

It has also been found that a large number of businesses use web sites to deliver messages to their customers, communicate with their customers and sell products to them. They may also need to sell certain technologies that are designed to handle various functions of a web site. Content management systems such as Joomla and Drupal can be helpful in building strong web sites with products or services and related content. When businesses want to run blogs, they use applications such as WordPress, or forums built on phpBB, which use user-generated information from web visitors to let customers communicate through comments and discussions. Other web applications such as Magento are frequently used in e-commerce by both large and small businesses that carry out their transactions directly on the web. There are also a number of proprietary applications used by web sites, and this calls for making the security of web applications a top priority for both small and large site owners.

There is also a need to analyze the competence of web application software by carrying out an online test development, administration and grading process, which enables a web site to carry out online tests of its web application software so that its functionality and reliability can be known. It also involves developing web sites to incorporate more information, such as news and papers, with an interface that allows papers to be added and deleted. It can also be used to find the competencies that exist in a web application. It is also used to show the web site owner's mastery of competencies in the domains of leadership, communication strength, reasoning and the ability to solve problems effectively. In information technology (IT), the domains in which competencies may be determined include software, networks, IT management, security and databases.

This paper explains the procedure of using a capstone matrix to determine the competency of a web application and also recommends the precautions that are needed to ensure that a web application is not hacked into by unauthorized users. This paper also tries to explain how hack-resilient applications can be built. Such an application meets certain requirements of the capstone matrix by reducing the possibility of attack and ensuring that damage does not occur. It is an application found on the host server in a network that has been developed using designs and procedures that are themselves resistant to hacking.

This paper explains that there is a need to secure an application by making sure that input is validated, that users are authenticated and authorized, and that sensitive data is protected. By using the capstone competency matrix, it shows the competency of the application and the likelihood of its being hacked into by unauthorized users. This allows for remedial actions such as securing the network, securing the host and securing the application. The results of the capstone matrix are also important in determining the level of security in the three physical tiers, i.e. the web server, the remote application server and the database server. The use of the competence matrix gives information about the security issues found in the host network and the level of application vulnerability, which can be used to structure application arrangements for security purposes.

I. Literature review

As the number of web applications in use increases, so does the number of security risks associated with them. Currently web application security is a concern everywhere, and there is a need to determine how competent a web application is against certain threats such as hacking and attacks on the security of information. There are a number of technical and business applications of web applications.

a. Areas of application of web applications

a) Network and application levels merging

In the older days, vulnerability detection was mainly focused on the network or the operating system of a hardware component. This involved traditional manual hacking tests as well as automatic testing using security tools. The trend has now shifted to the need to scan for the competency of a network as well as the vulnerability of an application. Presently, interest has been focused on combining the ability of network scanners with the tool kits used in the web application security space.
The purpose of merging network and application competency analysis is to locate the information found at one level and use the same approach to determine the competency of the next level. Another area that has attracted interest in vulnerability testing is network management consoles. The present consoles are geared towards finding network device data, such as firewall data. Focus is on incorporating applications from a number of tools such as firewalls. However, there is no likelihood of integration taking place in patch management methods. Furthermore, consoles have the ability to attach patch management solutions to data conveying information about the existence of problems. The challenge is that a number of web applications are proprietary and therefore known only to certain customers and departments within a large organization.

b) QA testing and developer awareness

In the past, quality assurance teams did not work in partnership with the information security work force; however, there is a trend towards a change in this culture. For instance, Mercury Interactive, a company involved in automated testing tools, proposed that it would enter into partnership with some of the most successful application security testing companies, to provide a reliable solution combining Mercury's testing products with the applications used to determine the vulnerability of tools. QA testing is also expected to move from basic functional testing to compliance testing, including compliance with certain federal laws concerning privacy. Such tests could also be used to determine which web pages are not likely to refer to the web page privacy information, or which web pages are likely to result in leakage of information through the site's form information.

It is also speculated that developers are likely to benefit from the wide range of web application vulnerability detection tools that are currently being developed. The purpose of detection tools is to track defective or insecure lines of code that might be the sources of vulnerabilities. This is expected to take place during the development process, such as while writing code. A number of vendors have developed tools that improve code security, despite the fact that to date there have been low sales of these tools. Furthermore, a number of these code scanning tools are not able to provide complete awareness of an application and focus on only specific modules of code. This is likely to result in more complex problems, such as those between a UI module and a database module, where scanners have nevertheless been used successfully for the same purpose. It is also speculated that there might be integration with bug tracking systems, to allow developers to simply follow the existing defect tracking process and correct a vulnerability as they would a simple functional defect in their code.

c) Attack detection sophistication increases

There have been tremendous improvements in the development of web application vulnerability detection technology. Tools have gone beyond the normal buffer overflow attacks and have detection abilities that can only be attained by few strings. These tools are mainly geared towards online detection. XSS attack detection methods are currently shifting from the conventional inline string injection method to a multi-faceted attack and detection process that needs persistence of state.
Other areas that have not been tackled include handling large volumes of information from the web application, and user information that needs to be kept and referenced accurately without false information. For instance, a number of large financial institutions had problems with cross-frame scripting (XSS), an example of a phishing attack that affects a frame in a web page. There has also been increasing focus on web services. Despite the slow rate of their adoption by the masses, a number of users own sites and web applications that depend on web services and need to know how competent those web services are. For instance, vendors in this area have used simple detection methods such as XML-based detection and applied common web competency checks to non-XML applications.

b. Some of the threats and countermeasures

This part of the article explains some of the threats that are likely to be faced by the network, host or application layers. It determines how a web application can be regarded as competent enough to withstand threats that hinder its application. When security features have been incorporated into application design, implementation is helpful in understanding the manner in which attackers would like to hack into the application.

Designing a secure web application

c. Building secure web applications

d. Assessing your security

II. Rationale and systems analysis for the project

In this stage of assessing the competency of web application software, a number of considerations have been identified. They are explained in this section.

a. Access control

The paper explains that there is a need to determine a criterion for mandatory data access control, to understand the different factors that can help in implementing access control, and to come up with a better access control plan. The paper also explains that there is a need to implement and manage the access control plan in compliance with the principles that govern access control systems, which are supposed to be known. It is also important to identify other access control measures such as ID cards, and to gain proper knowledge concerning the warning banners that are used in implementing access rules.

b. Social engineering, phishing and identity theft

There is also a need to understand a number of social engineering concepts and their role in insider attacks, and to come up with better practices that can hinder social engineering. There is also a need to develop plans that prevent phishing attacks.

c. Physical security

It has also been found that there is a need to determine the standards, directives, processes and policies that guarantee the physical safety of web application software. There is also a need to value the importance of the web application software and the impact it is likely to have. This paper also indicates that we need to design, apply and manage organized and coordinated physical security measures that ensure the total safety of web application software. We also need to determine the objectives that ensure that the personnel in charge of the web applications are also secure, to attain the overall objective of making the entire organization secure. There is also a need to determine a method of measuring the physical security level so that corrective measures can be put in place.

d. Risk management

There is a need to identify risks and risk management processes and to understand the level of allowable risk, to ensure that the risk of hacking into the web application system lies within a level that cannot be harmful to the web site owner. We also need to identify the resource requirements for risk management, to ensure that the web application is well managed and the problem of lack of resources is dealt with. There is also a need to determine a systematic risk measuring process based on consultation with IT experts and IT risk management processes that comply with the standards and procedures, to ensure that the organizational goals and objectives are pursued. In order to ensure total avoidance of risks, we need to know the level of relationship between the incident response group and other groups both within and outside the organization, such as between the legal department and law enforcement agencies as well as public relations officers. We also need to identify the areas where risks to our web application system are likely to come from and continuously update our web application security settings. We also need to determine the policies that guide risk management and update risk management programs according to the likelihood of threats in the environment and according to the goals and objectives of the organization.
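The paper's second slide states that an application is secured by validating input, authenticating and authorizing users and protecting data, and its introduction mentions an interface for adding and deleting papers, but neither shows what those checks look like in a handler. The following Python is an added example, not code from the paper: it models that add/delete interface with a constructed session store, role table and paper list (all assumed names and values), and runs each request through the same fixed sequence of authenticate, authorize, validate, act. Stored titles are HTML-escaped on output, which is the defensive counterpart of the XSS detection the literature review discusses.

```python
import html
import re
from dataclasses import dataclass

# Constructed sample state, standing in for a session store, a role table and
# the "papers" content the paper's introduction mentions. None of this is from
# the paper; names and values are assumptions for the example.
SESSIONS = {"sess-abc123": "alice", "sess-def456": "bob"}   # session id -> user
ROLES = {"alice": {"editor"}, "bob": {"viewer"}}            # user -> roles held
PAPERS = {}                                                  # paper id -> title

PAPER_ID_RE = re.compile(r"[0-9]{1,6}")   # allowlist: a short decimal id only
TITLE_MAX_LEN = 120


@dataclass
class Request:
    cookies: dict
    params: dict


@dataclass
class Response:
    status: int
    body: str


def validate_paper_id(raw):
    """Input validation: accept only a short decimal id, reject everything else."""
    if raw is None or PAPER_ID_RE.fullmatch(raw) is None:
        return None
    return int(raw)


def validate_title(raw):
    """Input validation: non-empty, bounded length, no control characters."""
    if raw is None:
        return None
    title = raw.strip()
    if not title or len(title) > TITLE_MAX_LEN:
        return None
    if any(ord(ch) < 0x20 for ch in title):
        return None
    return title


def authenticate(req):
    """Authentication: map the session cookie to a known user, or None."""
    return SESSIONS.get(req.cookies.get("session"))


def authorize(user, role):
    """Authorization: the user must hold the role the action requires."""
    return role in ROLES.get(user, set())


def render_paper_list():
    """Output encoding: stored titles are escaped before being placed in HTML,
    so a title such as '<script>' is shown as text rather than executed."""
    return "".join(f"<li>{html.escape(t)}</li>" for _, t in sorted(PAPERS.items()))


def add_paper(req):
    """Handler for adding a paper: authenticate, authorize, validate, then act."""
    user = authenticate(req)
    if user is None:
        return Response(401, "login required")
    if not authorize(user, "editor"):
        return Response(403, "forbidden")
    paper_id = validate_paper_id(req.params.get("id"))
    title = validate_title(req.params.get("title"))
    if paper_id is None or title is None:
        return Response(400, "invalid input")
    PAPERS[paper_id] = title
    return Response(200, render_paper_list())


def delete_paper(req):
    """Handler for deleting a paper: same sequence, same role requirement."""
    user = authenticate(req)
    if user is None:
        return Response(401, "login required")
    if not authorize(user, "editor"):
        return Response(403, "forbidden")
    paper_id = validate_paper_id(req.params.get("id"))
    if paper_id is None or paper_id not in PAPERS:
        return Response(404, "no such paper")
    del PAPERS[paper_id]
    return Response(200, render_paper_list())


if __name__ == "__main__":
    editor = {"session": "sess-abc123"}
    print(add_paper(Request({}, {"id": "1", "title": "Web security"})))               # 401
    print(add_paper(Request({"session": "sess-def456"}, {"id": "1", "title": "x"})))  # 403
    print(add_paper(Request(editor, {"id": "1; DROP", "title": "x"})))                # 400
    print(add_paper(Request(editor, {"id": "1", "title": "<b>Web</b> security"})))    # 200, escaped
    print(delete_paper(Request(editor, {"id": "1"})))                                 # 200, empty list
```

The order matters: an unauthenticated or unauthorized request is refused before any of its parameters are inspected, so malformed input from an anonymous caller never reaches the validators, and the viewer role can read the list but never change it. Validation is an allowlist (a bounded decimal id, a bounded printable title) rather than a search for known-bad strings, which is why the `1; DROP` id is rejected without the handler needing to know anything about injection payloads.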