Abstract

Website security is a major concern for large organizations as well as individual developers. The rarer the technology used, the harder it becomes to come up with secure practices for developing a website. Vulnerabilities that are not fixed during development and are deployed as such become easy targets for hackers. This could cause the company or the individual to lose a lot of money. It is not just the developers who are affected: end users who end up on vulnerable websites may be exposed to XSS attacks, which could compromise their systems, and an insecure database configuration could lead to a data leak that compromises the password of every registered user on the website. Users who use the same password on multiple websites are affected the most. The motivation for this paper comes from the fact that there is an overwhelming number of vulnerabilities in any application under development, and every developer, experienced or not, needs a starting point for patching the vulnerabilities that might have occurred in their application. This research presents the most common vulnerabilities that should be taken care of in any application and thus provides the much-needed starting point for developers. The objective of this paper is to design and develop a secure web application according to Open Web Application Security Project (OWASP) guidelines. This paper highlights the mitigation of vulnerabilities in the web application using configuration changes, coding, and applying patches. The vulnerabilities discussed in this paper (SQL injection, broken authentication, sensitive data exposure, broken access control, and XML external entities) are listed under the OWASP Top 10 vulnerabilities. The security of the web application is tested and proved to have defense mechanisms implemented for the mentioned vulnerabilities.
