Research Article

Web Application Top 10 OWASP Attacks and Defence Mechanism

by  Madhuri N. Gedam, Bandu B. Meshram
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Issue 30
Published: Aug 2023
10.5120/ijca2023923062

Madhuri N. Gedam, Bandu B. Meshram . Web Application Top 10 OWASP Attacks and Defence Mechanism. International Journal of Computer Applications. 185, 30 (Aug 2023), 36-45. DOI=10.5120/ijca2023923062

@article{ 10.5120/ijca2023923062,
author  = { Madhuri N. Gedam, Bandu B. Meshram },
title   = { Web Application Top 10 OWASP Attacks and Defence Mechanism },
journal = { International Journal of Computer Applications },
year    = { 2023 },
volume  = { 185 },
number  = { 30 },
pages   = { 36-45 },
doi     = { 10.5120/ijca2023923062 },
publisher = { Foundation of Computer Science (FCS), NY, USA }
}

%0 Journal Article
%D 2023
%A Madhuri N. Gedam
%A Bandu B. Meshram
%T Web Application Top 10 OWASP Attacks and Defence Mechanism
%J International Journal of Computer Applications
%V 185
%N 30
%P 36-45
%R 10.5120/ijca2023923062
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The OWASP Enterprise Security API (ESAPI) is an open-source library of security controls maintained by the Open Web Application Security Project (OWASP) to help developers build secure applications; the actively maintained implementation is the Java library. It packages controls such as input validation, context-specific output encoding, authentication and access control, indirect object reference maps, cryptography, logging and intrusion detection behind a single API, so that developers can apply consistent secure-coding practices instead of hand-writing each defence. This research builds a web application that is deliberately left vulnerable, runs the OWASP Top 10 attack categories against it (the paper refers to them as the 2023 list; the most recent official OWASP Top 10 at the time of publication is the 2021 edition), then recodes the same application with ESAPI embedded and repeats the attacks. The paper reports that the attacks that succeeded against the original application no longer succeed against the ESAPI-hardened version. Two caveats apply. A library of controls only protects where it is actually called with the correct context: HTML encoding, for example, does not protect a JavaScript or URL context, and validation does not help if a code path bypasses it. Several Top 10 categories, notably Vulnerable and Outdated Components and Security Misconfiguration, are addressed by dependency management and deployment configuration rather than by application code. Teams should therefore keep following current OWASP guidance to stay protected against emerging threats.
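As an added illustration of the recoding the abstract describes (example code written for this page, not the paper's own application and not ESAPI's source), the following Java class shows a user-lookup routine in its deliberately vulnerable form and in an ESAPI-hardened form, covering the two keyword vulnerabilities, SQL injection and cross-site scripting. It assumes ESAPI 2.x (`org.owasp.esapi:esapi`) on the classpath together with its `ESAPI.properties` and `validation.properties` files, a hypothetical `users(username, display_name)` table reachable through a JDBC `Connection`, and a hypothetical `Validator.Username` pattern added to `validation.properties`.

```java
// Added example (not the paper's code): the "vulnerable" and "recoded with ESAPI" shapes
// the abstract describes, for SQL injection and XSS.
// Assumptions: ESAPI 2.x on the classpath with ESAPI.properties and validation.properties,
// a hypothetical table users(username, display_name), and a hypothetical pattern
//   Validator.Username=^[a-zA-Z0-9_]{1,32}$
// added to validation.properties.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;

public class UserLookup {

    /** Vulnerable version: attacker-controlled username reaches both SQL and HTML unchanged. */
    public static String lookupVulnerable(Connection conn, String username) throws SQLException {
        // A03:2021 Injection: an input such as  ' OR '1'='1  turns this into a full-table read.
        String sql = "SELECT display_name FROM users WHERE username = '" + username + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            StringBuilder html = new StringBuilder("<ul>");
            while (rs.next()) {
                // XSS: display_name is written into the page without encoding, so a stored
                // <script> in the database runs in every viewer's browser.
                html.append("<li>").append(rs.getString(1)).append("</li>");
            }
            return html.append("</ul>").toString();
        }
    }

    /** Recoded version: ESAPI validation on input, parameterised SQL, ESAPI encoding on output. */
    public static String lookupHardened(Connection conn, String username) throws SQLException {
        String safeName;
        try {
            // "Username" names the hypothetical Validator.Username regex in validation.properties;
            // getValidInput returns the canonicalised value or throws for anything else.
            safeName = ESAPI.validator().getValidInput("username", username, "Username", 32, false);
        } catch (ValidationException | IntrusionException e) {
            // Return a fixed, already-safe fragment; never echo the rejected input.
            return "<p>Invalid username.</p>";
        }
        // Parameter binding keeps data out of the SQL grammar. ESAPI also offers
        // encoder().encodeForSQL(...), but its own documentation treats that as a fallback
        // for cases where a prepared statement is impossible.
        String sql = "SELECT display_name FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, safeName);
            try (ResultSet rs = ps.executeQuery()) {
                StringBuilder html = new StringBuilder("<ul>");
                while (rs.next()) {
                    // Data read back from the database is still untrusted (stored XSS),
                    // so it is encoded for the exact context it lands in: HTML element body.
                    html.append("<li>")
                        .append(ESAPI.encoder().encodeForHTML(rs.getString(1)))
                        .append("</li>");
                }
                return html.append("</ul>").toString();
            }
        }
    }
}
```

ESAPI 2.x locates its configuration on the classpath or through the `org.owasp.esapi.resources` system property; if the properties files are missing, the first call to `ESAPI.validator()` raises a configuration error, which is the intended fail-closed behaviour rather than something to work around. Note also that `encodeForHTML` is only correct for element content; a value placed in an attribute, a script block or a URL needs `encodeForHTMLAttribute`, `encodeForJavaScript` or `encodeForURL` respectively, which is the context-sensitivity caveat raised in the abstract.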

Index Terms
Computer Science
Information Sciences
Keywords

Software Development Life Cycle, OWASP, Enterprise Security API, SQL injection, Cross-Site Scripting.
