Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance

Cited by: 3

Authors
Goswami, Sumit [1 ]
Krishnan, Nabanita R. [1 ]
Mukesh [1 ]
Swarnkar, Saurabh [2 ]
Mahajan, Pallavi
Affiliations
[1] DRDO, Directorate Management Informat Syst & Technol, New Delhi, India
[2] IAP Co Pvt Ltd, Gurgaon, India
Keywords
Attack surface; DRDO Intranet; project management; open web application security project; security audit; security compliance; SOFTWARE;
DOI
10.14429/dsj.62.1291
CLC classification number
O [Mathematical Sciences and Chemistry]; P [Astronomy and Earth Sciences]; Q [Biological Sciences]; N [General Natural Sciences];
Subject classification codes
07 ; 0710 ; 09 ;
Abstract
The attack surface of a system is the amount of application area that is exposed to adversaries. The overall vulnerability of a web application can be reduced by reducing its attack surface. In this paper, we consider the web components of two versions of an in-house developed project management web application and calculate the attack surface before and after Open Web Application Security Project (OWASP) compliance, based on a security audit, in order to determine and then compare the security of this Project Management Application. OWASP is an open community that provides free tools and guidelines for application security. It was observed that the attack surface of the software was reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface still exposed by the code after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network.
Pages: 324 / 330
Page count: 7