Abstract

The World Wide Web (WWW) delivers a broad range of sophisticated web applications for business, net banking, online shopping and more. However, many web applications go through fast development phases on short schedules, making it difficult to eliminate vulnerabilities, and such applications are targets for attackers. From an application point of view, vulnerability identification is critical and often overlooked as a source of risk. OWASP develops tools and best practices to support developers in the development and operation of secure web applications. According to OWASP, web applications are vulnerable to attacks such as SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, and Broken Authentication and Session Management, as listed below. In this paper we focus mainly on some of the security risks listed in the OWASP Top Ten, such as Cross-Site Scripting, Cross-Site Request Forgery and Authorization, as well as client-side validation. For the realization of this paper, a new security framework helps to make applications more secure against these risks. We implement the identification of web application vulnerabilities, i.e. SQLI, CSRF, XSS, Broken Authentication and Session Management, Insecure Cryptographic Storage, Insecure Direct Object References, Failure to Restrict URL Access, Unvalidated Redirects and Forwards, etc., in order to find out their prevention strategies for existing web applications. The main objective of this paper is to create a secure web application that provides security when a user logs in and while the user remains logged on. The web application must be secure from the attacks listed above, and we show how these attacks are used to compromise user identity and credentials. We propose a framework for building secure and anti-theft web applications that are protected from the above-listed attacks by improving existing web prevention techniques.
