
     Research Journal of Applied Sciences, Engineering and Technology


Improving Web Application Security Using Penetration Testing

1D. SriNithi, 1G. Elavarasi, 1T.F. Michael Raj and 2P. Sivaprakasam
1Department of CSE, SRC, SASTRA University, Thanjavur, Tamil Nadu, India
2Department of CS, Sri Vasavi College, Erode, India
Research Journal of Applied Sciences, Engineering and Technology  2014  5:658-663
http://dx.doi.org/10.19026/rjaset.8.1019  |  © The Author(s) 2014
Received: May 09, 2014  |  Accepted: June 16, 2014  |  Published: August 05, 2014

Abstract

The main security issue in current web applications is that user information can easily be obtained by an unauthorized person. Entire web applications are developed in scripting languages that readily expose the user authentication code to the web browser, and all such codes are transferred through the query-string parameters (URL) of the application. Security of this kind fails when it is verified by penetration testing based on cross-site scripting (XSS). This study overcomes these issues by developing a web application, built around the cross-site scripting technique, in which the user codes are encrypted with the RSA algorithm and stored in cookies, with cross-domain verification based on the encrypted user code. XSS vulnerabilities come in different forms and may be categorized into two varieties: reflected and stored. Reflected XSS is one type of attack that can be performed against applications that present dynamic error pages to users. A stored XSS vulnerability appears when data submitted by one user is stored in the application or in the back-end database. The user's browser cookies store only the encrypted key values. These techniques were applied in an enterprise web application that supports multiple organizations in processing product purchase orders, sales orders and invoice details.

Keywords: Penetration testing, security issues, threats in web applications, web application testing



Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


ISSN (Online):  2040-7467
ISSN (Print):   2040-7459