Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance

Cited by: 3
Authors
Goswami, Sumit [1]
Krishnan, Nabanita R. [1]
Mukesh [1]
Swarnkar, Saurabh [2]
Mahajan, Pallavi
Affiliations
[1] DRDO, Directorate Management Informat Syst & Technol, New Delhi, India
[2] IAP Co Pvt Ltd, Gurgaon, India
Keywords
Attack surface; DRDO Intranet; project management; open web application security project; security audit; security compliance; SOFTWARE
DOI
10.14429/dsj.62.1291
CLC classification number
O [Mathematical sciences and chemistry]; P [Astronomy, earth sciences]; Q [Biological sciences]; N [General natural sciences]
Discipline classification code
07; 0710; 09
Abstract
The attack surface of a system is the amount of application area that is exposed to adversaries. Overall vulnerability can be reduced by reducing the attack surface of a web application. In this paper, we consider the web components of two versions of an in-house developed project management web application and calculate the attack surface before and after Open Web Application Security Project (OWASP) compliance, based on a security audit, in order to determine and then compare the security of this project management application. OWASP is an open community that provides free tools and guidelines for application security. It was observed that the attack surface of the software was reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface still exposed by the code after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network.
Pages: 324 - 330
Page count: 7