
Defending Approach against Forceful Browsing in Web Applications

  • K. Padmaja
  • K. Nageswara Rao
  • J. V. R. Murthy
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 249)

Abstract

Web applications have become crucial components in providing services on the internet. At the same time, vulnerabilities are severely affecting the functioning of web applications. Web applications may expose organizations to significant risk if they are not properly protected. Several hardware-dependent solutions exist, but hardware maintenance is a big problem. This paper proposes a new approach of locking the restricted or confidential pages with an authentication page. This prevents unauthorised direct access to the restricted pages by a malicious user, thereby keeping the confidential information secure.

Keywords

Web application, Forceful browsing, WAF, Security, Lattice



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • K. Padmaja (1)
  • K. Nageswara Rao (2)
  • J. V. R. Murthy (3)

  1. Dr. B.R.A GMR Polytechnic, Rajahmundry, India
  2. PSCMR College of Engineering & Technology, Vijayawada, India
  3. Dept. of CSE, JNTU, Kakinada, India
