Analyzing and Defending Web Application Vulnerabilities through Proposed Security Model in Cloud Computing
Security of web applications from attackers is one of a challenging task in cloud computing infrastructure. Unsecure source code is one of a top reason for cyber-attacks, due to which valuable data like username, password, credit card information or even personal information related to aadhar enabled biometric system, can be compromised. Most of the vulnerabilities in web application source code is related to Open Web Application Security Project (OWASP), these vulnerabilities are SQL, NoSQL, LDAP Injection, Broken Authentication, Sensitive data exposure, XML external entities, broken access control, security misconfiguration, Cross site scripting (XSS), Insecure deserialization and insufficient monitoring and logging etc. Vulnerable web applications are the hot spot for hackers. According to Symantec’s Internet SecurityThreat Report published in July 2017, more than 2 lakh attacks against websites occur each day and more than 76% websites hosted in cloud contain un-patched vulnerabilities.This paper proposes a new innovative conceptual security tool name as SECUREWEB. This tool will detect vulnerabilities in web application source code and automatically patch detected vulnerabilities and return secure source code free from any identified vulnerabilities. This tool works on the concept of proxy based source code analyzer SECUREEYE model for detecting OWASP Top 10 vulnerabilities and SECURESOLUTION model for auto patching of detected vulnerabilities.
Djuric, Z. (2013, September). A black-box testing tool for detecting SQL injection vulnerabilities. In Informatics and Applications (ICIA), 2013 Second International Conference on (pp. 216-221). IEEE.
Fonseca, J., Vieira, M., & Madeira, H. (2014). Evaluation of web security mechanisms using vulnerability & attack injection.IEEE Transactions on Dependable and Secure Computing,11(5), 440-453.
Huang, H. C., Zhang, Z. K., Cheng, H. W., & Shieh, S. W. (2017). Web application security: threats, countermeasures, and pitfalls.Computer,50(6), 81-85.
Kankhare, D. D., & Manjrekar, A. A. (2016, December). A cloud based system to sense security vulnerabilities of web application in open-source private cloud IAAS. In Electrical, Electronics, Communication, Computer and Optimization Techniques (ICEECCOT), 016 International Conference on (pp. 252-255). IEEE.
Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., & Evans, D. (2005, May). Automatically hardening web applications using precise tainting. In IFIP International Information Security Conference(pp. 295-307). Springer, Boston, MA.
Open Web Application Security Project (OWASP) 2015, OWASP Top 10, Available https://www.owasp.org, last accessed 10-02-2018.