Introducing Multi Level Security in Web Applications


Published Sep 14, 2021
Subhranshu Mohanty

Abstract

Almost all organizations now use web applications for their daily activities, and these applications must be protected from security breaches. Many conventional security methods are available in the market, but adding security with them is more challenging and still leaves applications exposed to attackers. We have identified a method that applies multiple layers of security at the client side. This technique blocks bots and scripts, sparing the server and the application the extra load. We have also observed that conventional methods follow the same pattern for accessing an organization's resources, and that attackers, intentionally or unintentionally, prepare scripts or bot programs that slow down the application and sometimes try to steal the organization's data. Data is the weapon of today's era, and each organization protects its data using various methods and techniques. Our method not only protects the application from unwanted requests on the server, it also protects data by adding one more layer of security to the application at the server side.

Keywords: Web applications, Security breaches, Scripts or bot programs

How to Cite

Subhranshu Mohanty. (2021). Introducing Multi Level Security in Web Applications. SPAST Abstracts, 1(01). Retrieved from https://spast.org/techrep/article/view/300

Section
GE3- Computers & Information Technology