Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance

Cited by: 3
Authors
Goswami, Sumit [1 ]
Krishnan, Nabanita R. [1 ]
Mukesh [1 ]
Swarnkar, Saurabh [2 ]
Mahajan, Pallavi
Affiliations
[1] DRDO, Directorate Management Informat Syst & Technol, New Delhi, India
[2] IAP Co Pvt Ltd, Gurgaon, India
Keywords
Attack surface; DRDO Intranet; project management; open web application security project; security audit; security compliance; SOFTWARE;
DOI
10.14429/dsj.62.1291
Chinese Library Classification
O [Mathematical Sciences and Chemistry]; P [Astronomy and Earth Sciences]; Q [Biological Sciences]; N [General Natural Sciences];
Subject classification codes
07 ; 0710 ; 09 ;
Abstract
The attack surface of a system is the portion of the application that is exposed to adversaries. The overall vulnerability of a web application can be reduced by reducing its attack surface. In this paper, we consider the web components of two versions of an in-house developed project management web application and calculate the attack surface before and after Open Web Application Security Project (OWASP) compliance, based on a security audit, in order to determine and then compare the security of this project management application. OWASP is an open community that provides free tools and guidelines for application security. It was observed that the attack surface of the software was reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface still exposed by the code after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network.
Pages: 324 / 330
Page count: 7