Abstract
Web applications use inputs from Hypertext Transfer Protocol (HTTP) requests sent by users to determine their responses. An attacker can tamper with any part of an HTTP request, including the Uniform Resource Locator (URL), query string, headers, cookies, form fields and hidden fields, in an attempt to bypass the application's security mechanisms. Common input-tampering attacks include forced browsing, command injection, cross-site scripting, buffer overflows, format string attacks, Structured Query Language (SQL) injection, cookie poisoning and hidden field manipulation. In this paper we propose an algorithm to detect manipulation of hidden fields, form fields and URL parameters; the algorithm is implemented in Java Server Pages (JSP™). The relevant security aspects are illustrated with remarks.
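The following is an added example of the server-side check the abstract describes, written for this page and not the paper's own JSP algorithm. It uses one common technique for detecting hidden-field, form-field and URL-parameter manipulation: the server attaches a keyed MAC (HMAC-SHA256) over the values it emits, bound to the user's session, and re-verifies that MAC when the request comes back. The field names, the server key, the session identifiers and the sample requests are all constructed for the example.

```python
"""Detect tampering of hidden form fields and URL parameters with a keyed MAC.

Added example, not the paper's JSP algorithm: the server signs the protected
values it emits into hidden fields or links and re-verifies the signature on
the returned request. Field names, key and sample requests are constructed.
"""
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Hypothetical server secret; a real deployment loads it from configuration
# or a key store, never from a literal in source.
SERVER_KEY = b"constructed-example-key-do-not-reuse"

# Values the server controls and the client must not be able to change.
PROTECTED = ("item_id", "price", "user_id")


def _canonical(fields: dict, session_id: str) -> bytes:
    # Sorted name=value pairs plus the session id: the tag does not depend on
    # field order and cannot be replayed from another user's session.
    pairs = sorted((k, str(fields[k])) for k in PROTECTED)
    return (urlencode(pairs) + "&sid=" + session_id).encode()


def _tag_for(fields: dict, session_id: str) -> str:
    return hmac.new(SERVER_KEY, _canonical(fields, session_id), hashlib.sha256).hexdigest()


def sign_fields(fields: dict, session_id: str) -> dict:
    """Build the hidden-field set the server emits, including the MAC tag."""
    missing = [k for k in PROTECTED if k not in fields]
    if missing:
        raise ValueError(f"cannot sign without {missing}")
    out = {k: str(fields[k]) for k in PROTECTED}
    out["_tag"] = _tag_for(fields, session_id)
    return out


def encode_form(fields: dict) -> str:
    """Serialise fields as a query string / urlencoded form body."""
    return urlencode(fields)


def parse_body(raw: str) -> tuple[dict, list]:
    """Parse a query string or urlencoded body; report duplicated names
    (HTTP parameter pollution) rather than silently taking the last value."""
    seen, dupes = {}, []
    for k, v in parse_qsl(raw, keep_blank_values=True):
        if k in seen:
            dupes.append(k)
        seen[k] = v
    return seen, dupes


def verify_request(params: dict, session_id: str) -> tuple[bool, str]:
    """Check already-parsed parameters. Returns (ok, reason)."""
    if "_tag" not in params:
        return False, "missing tag"
    for k in PROTECTED:
        if k not in params:
            return False, f"missing field {k}"
    expected = _tag_for(params, session_id)
    # Constant-time comparison so the check does not leak the tag byte by byte.
    if not hmac.compare_digest(expected, params["_tag"]):
        return False, "tag mismatch: protected field or session changed"
    return True, "ok"


def check_submission(raw: str, session_id: str) -> tuple[bool, str]:
    """Full check of a raw submission: reject duplicates, then verify the MAC."""
    params, dupes = parse_body(raw)
    if dupes:
        return False, f"duplicate parameter(s): {sorted(set(dupes))}"
    return verify_request(params, session_id)


if __name__ == "__main__":
    # Constructed checkout form: the server emits these values for session sess-1.
    emitted = sign_fields({"item_id": 42, "price": "49.99", "user_id": 7}, "sess-1")
    good = encode_form(emitted)
    print("legitimate:", check_submission(good, "sess-1"))
    # Attacker edits the hidden price field before submitting.
    print("price tampered:", check_submission(encode_form(dict(emitted, price="0.01")), "sess-1"))
    # Attacker replays a valid form from another session.
    print("wrong session:", check_submission(good, "sess-2"))
    # Attacker appends a second price parameter (parameter pollution).
    print("duplicate param:", check_submission(good + "&price=0.01", "sess-1"))
```

The MAC proves only that the protected values are the ones this server emitted for this session; it does not make a hidden field a safe place for secrets, and a price or user id should still be re-read from server-side state before it is acted on. Rejecting duplicated parameter names matters because different frameworks pick the first or the last value, so a verifier that checks one copy while the application uses the other would pass tampered input.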
Copyright information
© 2009 Springer Science+Business Media, LLC
About this paper
Cite this paper
Hiremath, S.B., Saigaonkar, S.S. (2009). Security Enhancements for Web-Based Applications. In: Mastorakis, N., Mladenov, V., Kontargyri, V. (eds) Proceedings of the European Computing Conference. Lecture Notes in Electrical Engineering, vol 28. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-85437-3_34
DOI: https://doi.org/10.1007/978-0-387-85437-3_34
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84818-1
Online ISBN: 978-0-387-85437-3
eBook Packages: Engineering (R0)