Defensive programming: Developing a web application with a secure coding practices

Abstract

Web Application Development has shown progressive and rapid growth using various techniques. Nonetheless, web application security is a major component in web development that is often overlooked or not properly focused on. Due to ad hoc existence and poor code written, most available web applications are vulnerable and desirable target for the attackers. To alleviate this issue, the use of defensive programming basic technique allows the developers to develop secure applications. Defensive programming includes validate output and correctly manages error messages. This avoids the misuse of snippets and builds the program in a consistent way despite unpredictable inputs. The purpose of this paper is twofold. Firstly, this paper discussed the development of a web application program using PHP as server-side scripting exploiting defensive programming techniques to overwhelm web application vulnerabilities. Secondly, this paper examined common vulnerabilities of web application risks refer to Open Web Application Security Project to validate the effectiveness of defensive programming technique. The work presented in this paper shall be a fundamental guideline for the development of secure web-based applications.