Web Application

Submitted By shubada
Words 6435
Pages 26
Chapter – 1
INTRODUCTION

The world as we know it today is centered on the workings and ability of the World Wide Web. Internet security, however, is one area of concern and poses one of the biggest challenges of this internet-savvy era. Our interaction with the internet has increased to such an extent that experience, mixed with continued research, has taught us that with each such interaction we are prone to many malicious attacks, security lapses and even extremely skilled hacking operations. The field of Network Security and Cryptography has come a long way in the past decade, but it is safe to say that there is a lot more work to be done.

Here we choose to concentrate on Web Applications, and we particularly approach them from the developer’s perspective. With every step taken towards better security on the internet, end-users are doing their bit to safeguard their systems and data. However, keeping in mind how commercial and competitive the world we live in has become and the manner in which the market for web-related products has grown, it becomes imperative for a developer to ensure that his web application is marketable not just as a breakthrough user-friendly concept but also as a secure one. We imagine a world where every skilled developer is able to make phenomenal applications and is able to provide his users with a large amount of credibility and reliability in terms of security.

We aim to conceptualize and subsequently generate a security tool exclusively for the developer, which will be able to scan his work for security lapses and loopholes, thereby enhancing the product testing process and making it more wholesome and complete.

Chapter – 2
PROBLEM DEFINITION

Our project aims at designing an application that has the following features:

1. Identify a selected set of software security vulnerabilities like Cross Site
