Web Application Top 10 OWASP Attacks and Defence Mechanism

Madhuri N. Gedam; Bandu B. Meshram

Research Article

Web Application Top 10 OWASP Attacks and Defence Mechanism

by Madhuri N. Gedam, Bandu B. Meshram

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 185 - Issue 30

Published: Aug 2023

Authors: Madhuri N. Gedam, Bandu B. Meshram

10.5120/ijca2023923062

PDF

Madhuri N. Gedam, Bandu B. Meshram . Web Application Top 10 OWASP Attacks and Defence Mechanism. International Journal of Computer Applications. 185, 30 (Aug 2023), 36-45. DOI=10.5120/ijca2023923062

                        @article{ 10.5120/ijca2023923062,
                        author  = { Madhuri N. Gedam,Bandu B. Meshram },
                        title   = { Web Application Top 10 OWASP Attacks and Defence Mechanism },
                        journal = { International Journal of Computer Applications },
                        year    = { 2023 },
                        volume  = { 185 },
                        number  = { 30 },
                        pages   = { 36-45 },
                        doi     = { 10.5120/ijca2023923062 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }

                        %0 Journal Article
                        %D 2023
                        %A Madhuri N. Gedam
                        %A Bandu B. Meshram
                        %T Web Application Top 10 OWASP Attacks and Defence Mechanism%T 
                        %J International Journal of Computer Applications
                        %V 185
                        %N 30
                        %P 36-45
                        %R 10.5120/ijca2023923062
                        %I Foundation of Computer Science (FCS), NY, USA

Abstract

Enterprise Security API (ESAPI) is a security framework developed by the Open Web Application Security Project (OWASP) to help developers to build secure applications. ESAPI can generally help in securing web applications against various types of vulnerabilities. By incorporating ESAPI into web application development, developers can leverage its secure coding practices, libraries, and APIs to address various vulnerabilities that may be part of the OWASP Top 10 2023 attacks. The research explores the development of web based application with vulnerabilities and then OWASP Top 10 Attacks are made on it. The same web application is recoded by embedding ESAPI and the Top 10 attacks are made on this application. It is found that due to security provided into the web applications, attacks can not be made on the web application. However, it's important to stay updated with the latest security guidelines and recommendations from OWASP to ensure maximum protection against emerging threats.

References

Elder, S. E., Zahan, N., Kozarev, V., Shu, R., Menzies, T., and Williams, L. 2021. Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard. IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering Education and Training (ICSESEET), 95-104.
Marchand-Melsom, A., and Mai, D. B. N. 2020. Automatic repair of OWASP Top 10 security vulnerabilities: A survey. IEEE/ACM 42nd International Conference on Software Engineering Workshops (ICSEW’20), Seoul, 23-30.
Spoto, F., Burato, E., Ernst, M. D., Ferrara, P., Lovato, A., Macedonio, D., Spiridon, C. 2019. Static Identification of Injection Attacks in Java. ACM Transactions on Programming Languages and Systems, Vol. 41, No. 3, 18-58.
Gedam, M. N., and Meshram, B. B. 2022. Proposed Secure 3-Use Case Diagram. International Journal of Systems and Software Security and Protection, Volume 13, Issue 1, IGI Global.
Gedam, M. N., and Meshram, B. B. 2019. Vulnerabilities & Attacks in SRS for Object-Oriented Software Development. Lecture Notes in Engineering and Computer Science: Proceedings of The World Congress on Engineering and Computer Science, 94-99.
Lala, S. K., Kumar, A., Subbulakshmi, T. 2021. Secure Web development using OWASP Guidelines. International Conference on Intelligent Computing and Control Systems(ICICCS), 323-332.
Brown, L. D., Hua, H., and Gao, C. 2003. A widget framework for augmented interaction in SCAPE.
Ingle, D.R., and Meshram, B. B. 2012. Attacks on Web Based Software And Modelling Defence Mechanisms. International Journal of UbiComp.
Chavan, S. B., and Meshram, B. B. 2013. Classification of web application vulnerabilities. International Journal of Engineering Science and Innovative Technology (IJESIT).
Khochare, N., Chalurkar, S., and Meshram, B. B. 2012. Survey on Web Application Vulnerabilities Prevention Tools. International Journal of Managment, IT and Engineering.
Available Online - https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/AccessReferenceMap.html
Available Online - https://www.javadoc.io/static/org.owasp.esapi/esapi/2.0.1/index.html?org/owasp/esapi/Authenticator.html
Interface Encoder, Jeff Williams (2007) - https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/Encoder.html
OWASP Enterprise Security API - https://owasp.org/www-project-enterprise-security-api/
Interface Encrypter, Jeff Williams (2007) -https://javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/Encryptor.html
Interface Executor, Jeff Williams (2007) -https://javadoc.io/doc/org.owasp.esapi/esapi/2.1.0/org/owasp/esapi/Executor.html
Interface HTTPUtilities, Jeff Williams (2007) -https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/HTTPUtilities.html
Interface IntrusionDetector, Jeff Williams (2007) -https://javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/IntrusionDetector.html
Available Online - https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.1.0/org/owasp/esapi/Logger.html
Interface Randomizer, Jeff Williams (2007) -https://javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/Randomizer.html
Interface SecurityConfiguration, Jeff Williams (2007) -https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.1.0.1/org/owasp/esapi/SecurityConfiguration.html
Interface User, Jeff Williams (2007) -https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/User.html
Interface Validator, Jeff Williams (2007) -https://www.javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/Validator.html
Rodríguez, G. E., Torres, J. G., Flores, P., and Benavides, D. 2019. Cross-site scripting (XSS) attacks and mitigation: A survey. Elsevier.
Gedam, M. N., and Meshram, B. B. 2019. Proposed Secure Content Modeling of Web Software Model. NCRIEST, Nashik.
Available Online -https://javadoc.io/doc/org.owasp.esapi/esapi/2.0.1/org/owasp/esapi/AccessController.html

Index Terms

Computer Science

Information Sciences

No index terms available.

Keywords

Software Development Life Cycle OWASP Enterprise Security API SQL injection Cross-Site Scripting.