Abstract
A developer must have knowledge of secure coding to make an application secure. Secure coding knowledge is built on the integration of various techniques for the exploitation and prevention of common malicious inputs that target an application's vulnerabilities. The purpose of this chapter is to review recent techniques and security tools for the exploitation and prevention of common malicious inputs to online apps implemented in PHP, so that developers can improve the security of their web pages. This chapter supports vulnerability management for securing online apps.
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this chapter
Aung, T.M., Hla, N.N. (2021). Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_12
DOI: https://doi.org/10.1007/978-3-030-71381-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71380-5
Online ISBN: 978-3-030-71381-2
eBook Packages: Computer Science (R0)