Security Enhancements for Web-Based Applications

Hiremath, Shivanand B.; Saigaonkar, Sameer S.

doi:10.1007/978-0-387-85437-3_34

Shivanand B. Hiremath⁴ &
Sameer S. Saigaonkar⁵

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 28))

584 Accesses

Abstract

Web applications use inputs from Hypertext Transfer Protocol (HTTP) requests sent by the users to determine the response. Attackers can tamper with any part of the HTTP request, including the Uniform Resource Locator (URL), query string, headers, cookies, form fields and hidden fields and attempt to bypass the application’s security mechanisms. Common input-tampering attacks include forced browsing, command insertions, cross-site scripting, buffer overflows, format string attacks, Structured Query Language (SQL) injection, cookie poisoning and hidden field manipulation. In this paper, we have proposed an algorithm to detect hidden fields, the form fields and URL parameters manipulation and the algorithm is implemented in Java Server Pages (JSPTM). Security aspects are illustrated with fine remarks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Schneier B (1996) Applied cryptography. John Wiley, New York
Google Scholar
Singh Inderjeet, Stearns Beth, Johnson Mark, and the Enterprise Team (2002) Designing Enterprise Applications with the J2EE™ Platform. 2nd edn. Addison-Wesley, Michigan
Google Scholar
Graff MG, van Wyk KR (2002) Secure coding. O’Reilly & Associates, California
Google Scholar
Smith RE (1999) Internet cryptography. Addison-Wesley, Michigan
Google Scholar
Venkatramanayya S, Bishop M (2006) Introduction to computer security. Addison–Wesley, Michigan
Google Scholar
CERT advisory CA-2000-02. http://www.cert.org/advisories/CA-2000-02.html
Hidden form field vulnerability. White papers (InfoSec Labs), http://www.infoseclabs.com/mschff/mschff.htm
Preventing HTML form tampering. http://advosys.ca/papers/form-tampering.html
World Wide Web security FAQ. http://www.w3.org/Security/Faq/www-security-faq.html

Download references

Author information

Authors and Affiliations

National Institute of Industrial Engineering, Mumbai, India
Shivanand B. Hiremath
Diploma in Industrial Engineering, National Institute of Industrial Engineering, Mumbai, India
Sameer S. Saigaonkar

Authors

Shivanand B. Hiremath
View author publications
You can also search for this author in PubMed Google Scholar
Sameer S. Saigaonkar
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Military Institutes of University, Hellenic Naval Academy, Leoforos Chatzikyriakou, Piraeus, 185 39, Greece
Nikos Mastorakis
Dept. Theoretical Electrical, Technical University of Sofia, Kl. Ohridski St. 8, Sofia, 1000, Bulgaria
Valeri Mladenov
Roumelis 6, Vrilissia, 152 35, Greece
Vassiliki T. Kontargyri

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hiremath, S.B., Saigaonkar, S.S. (2009). Security Enhancements for Web-Based Applications. In: Mastorakis, N., Mladenov, V., Kontargyri, V. (eds) Proceedings of the European Computing Conference. Lecture Notes in Electrical Engineering, vol 28. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-85437-3_34

Download citation

DOI: https://doi.org/10.1007/978-0-387-85437-3_34
Published: 28 February 2009
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84818-1
Online ISBN: 978-0-387-85437-3
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics