Research Article

Web Application Top 10 OWASP Attacks and Defence Mechanism

by Madhuri N. Gedam, Bandu B. Meshram
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 30
Year of Publication: 2023
Authors: Madhuri N. Gedam, Bandu B. Meshram
10.5120/ijca2023923062

Madhuri N. Gedam, Bandu B. Meshram. Web Application Top 10 OWASP Attacks and Defence Mechanism. International Journal of Computer Applications 185, 30 (Aug 2023), 36-45. DOI=10.5120/ijca2023923062

@article{ 10.5120/ijca2023923062,
author = { Madhuri N. Gedam, Bandu B. Meshram },
title = { Web Application Top 10 OWASP Attacks and Defence Mechanism },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2023 },
volume = { 185 },
number = { 30 },
month = { Aug },
year = { 2023 },
issn = { 0975-8887 },
pages = { 36-45 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number30/32886-2023923062/ },
doi = { 10.5120/ijca2023923062 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Madhuri N. Gedam
%A Bandu B. Meshram
%T Web Application Top 10 OWASP Attacks and Defence Mechanism
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 30
%P 36-45
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The Enterprise Security API (ESAPI) is a security framework developed by the Open Web Application Security Project (OWASP) to help developers build secure applications. By incorporating ESAPI into web application development, developers can use its secure coding practices, libraries and APIs (input validation, contextual output encoding, indirect object references, and authentication and access control helpers) to address vulnerabilities that appear in the OWASP Top 10 2023 attacks. The research develops a web application with deliberately planted vulnerabilities and launches the OWASP Top 10 attacks against it. The same application is then recoded with ESAPI embedded, and the same ten attacks are repeated against it. The recoded application resists the attacks because of the protections ESAPI adds. Developers should nevertheless stay current with the latest OWASP guidelines and recommendations, since a library only addresses the vulnerability classes it was built for and not every emerging threat.
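The abstract describes the experiment at a high level: a vulnerable application, then the same code recoded with ESAPI. The following is an added illustration written for this page, not code from the paper or from the OWASP ESAPI project, of what that recoding looks like for three of the attack classes the paper's references point at (SQL injection via the Validator, reflected XSS via the Encoder, and insecure direct object references via the AccessReferenceMap). It assumes ESAPI 2.x on the classpath with its ESAPI.properties and validation.properties files present, and that the configured validator pattern named "AccountName" exists (it is in the default ESAPI.properties; a deployment may rename it). The class name, method names and record ids are illustrative.

```java
// Added example, not code from the paper: a minimal vulnerable handler beside
// its ESAPI-hardened form. Assumes ESAPI 2.x with ESAPI.properties and
// validation.properties on the classpath; ESAPI reads them at first use and
// fails to initialise without them. "AccountName" is the default validator
// pattern name in ESAPI.properties (assumption: the deployment keeps it).
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.Set;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.AccessReferenceMap;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.RandomAccessReferenceMap;

public class EsapiHardeningDemo {

    // ---- Vulnerable versions (the "before" application the paper attacks) ----

    /** SQL injection: untrusted input concatenated straight into the query. */
    static ResultSet findUserVulnerable(Connection db, String username) throws SQLException {
        String sql = "SELECT id, email FROM users WHERE username = '" + username + "'";
        Statement st = db.createStatement();
        return st.executeQuery(sql);   // username = "' OR '1'='1" returns every row
    }

    /** Reflected XSS: untrusted input echoed into HTML without encoding. */
    static String greetVulnerable(String name) {
        return "<p>Welcome, " + name + "</p>";   // name = "<script>...</script>" runs in the browser
    }

    // ---- Hardened versions using ESAPI ----------------------------------------

    /**
     * Allow-list validation with ESAPI (anything outside the configured
     * "AccountName" pattern is rejected with a ValidationException), then the
     * value is bound as a query parameter. The PreparedStatement is what
     * actually defeats injection; the validator narrows what reaches it.
     * ESAPI's encodeForSQL is deliberately not used: parameterisation is the
     * primary control and output encoding for SQL is only defence in depth.
     */
    static ResultSet findUserHardened(Connection db, String username)
            throws SQLException, ValidationException {
        String safeName = ESAPI.validator().getValidInput(
                "username", username, "AccountName", 20, false);
        PreparedStatement ps = db.prepareStatement(
                "SELECT id, email FROM users WHERE username = ?");
        ps.setString(1, safeName);
        return ps.executeQuery();
    }

    /** Contextual output encoding: the browser renders the name as text, not markup. */
    static String greetHardened(String name) {
        return "<p>Welcome, " + ESAPI.encoder().encodeForHTML(name) + "</p>";
    }

    /**
     * Insecure direct object reference: rather than exposing the database key
     * in a URL, hand the client a random indirect reference that maps back to
     * a record only if that record was placed in this user's map.
     */
    static AccessReferenceMap<String> buildReferenceMap(Set<Integer> ownedRecordIds) {
        return new RandomAccessReferenceMap(new HashSet<Object>(ownedRecordIds));
    }

    /** Throws AccessControlException for any reference not issued to this map. */
    static int resolveRecordId(AccessReferenceMap<String> map, String indirectRef)
            throws AccessControlException {
        Integer id = map.getDirectReference(indirectRef);
        return id;
    }

    public static void main(String[] args) throws Exception {
        String payload = "<script>alert(1)</script>";          // constructed attack input
        System.out.println(greetVulnerable(payload));           // script tag reaches the page
        System.out.println(greetHardened(payload));             // angle brackets become entities

        AccessReferenceMap<String> map = buildReferenceMap(Set.of(101, 102)); // constructed ids
        String token = map.getIndirectReference(101);
        System.out.println("indirect reference for 101: " + token);
        System.out.println("resolves to: " + resolveRecordId(map, token));
        try {
            resolveRecordId(map, "103");                        // never issued: rejected
        } catch (AccessControlException e) {
            System.out.println("rejected reference not issued to this user");
        }
    }
}
```

The point a practitioner should take from the hardened half is that ESAPI supplies the validation, encoding and indirection primitives, but the fix for injection is still the bound parameter; ESAPI's validator and encoder reduce the attack surface around it rather than replacing it.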

Index Terms

Computer Science
Information Sciences

Keywords

Software Development Life Cycle, OWASP Enterprise Security API, SQL injection, Cross-Site Scripting.