A Study of major secure SDLC processes in web based applications
-
2018-03-10 https://doi.org/10.14419/ijet.v7i2.4.10029 -
Framework, Threats, Web Applications, Web Development Cycle. -
Abstract
Web applications have become important but there are different types of security problems which could lead to tampering with details. The most common are cookies poisoning, structured query language, cross-site scripting and parameter tempering. This is the reason why most of the web companies today are verifying the type of content they receive and most importantly, from where the contents are originated. It has been thus noted from the above deduction that the major security threat has nothing to do with the Secure Socket Layer rather other layers in the web development program. In order to avoid such threats and other vulnerabilities, initial stages of the web development cycle need to be taken care of.Thus, the main focus of this research paper is to come up with a framework that would help to strengthen the security of the various stages in the web development cycle. For the same, various modules and life cycles have been used.
-
References
[1] Adrian, O. (2008). Web application vulnerability and IBM rational appscan. Proceedings of the IBM Rational Software Development Conference 2008, (RSSDC'08), Orlando FL, pp: 79-88.
[2] Wang, L., H. Mu, L. Xu, J. Chen, X. Liu and P. Chen. (2010). Trojan URL detector: A statistical analysis based trojan detection mechanism. Inform. Technol. J., 9, 1124-1132.https://doi.org/10.3923/itj.2010.1124.1132.
[3] Danny, A. (2007). Managing a growing threat: An executives guide to web application security. Web Application Security Executive Brief. New York, USA, pp 1-8.
[4] Ilyas, Q.M., Y. Zongkai and M.A. Talib. (2004). A journey from information to knowledge: Knowledge representation and reasoning on the web. Inform. Technol. J., 3, 163-167.https://doi.org/10.3923/itj.2004.163.167.
[5] Stuttard, D. and M. Pinto. (2008). the Web Application Hackers Handbook: Discovering and Exploiting Security Flaws. Wiley Pub., Indianapolis, IN.
[6] Stijn, V.K., (2004). Threat Model for Web Application Using STRIDE Model. Royal Halloway University, London.
[7] Caleb, S. and L. Vincent. (2007). InforSecWriters. Effective controls for attaining continuous application security throughout the web application development life cycle. Retrieved from http: //www .infosec writers. Com /texts.php?op=display&id=583
[8] Diana, K. and Security Curve. (2009). Practical approaches for securing web applications across the software delivery lifecycle. IBM White Paper 3-7, USA.
[9] Keramati, H. and S.H. Mirian-Hosseinabadi. (2008). Integrating software development security activities with agile methodologies. Proceedings of the 2008 IEEE/ACS International Conference on Computer Systems and Applications, 749-754.https://doi.org/10.1109/AICCSA.2008.4493611.
[10] Meledath, D. (2006). Secure software development using use cases and misuse cases. Information Systems. Retrieved from http://www.iacis.org/iis/2006_iis/PDFs/Damodaran.pdf
[11] Eduardo, B. (2004). A methodology for secure software design. Proceedings of the 19th International Conference on Database and Expert Systems Application Turin, (ICDESAT'04), Boca Raton, FL, 1-7.
[12] Ge, X., R.F. Paige, F.A.C. Polack, H. Chivers and P.J. Brooke. (2006). Agile development of secure web applications. Proceedings of the 6th International Conference on Web Engineering. California, USA. 305-312.https://doi.org/10.1145/1145581.1145641.
[13] Palmer, S.R. and M. Felsing. (2001). A Practical Guide to Feature-Driven Development. 1st Edn. Mumbai: Pearson Education, 299.
[14] Sengupta, A., C. Mazumdar and M.S. Barik. (2005). E-Commerce security: A life cycle approach. Sadhana, 30, 119-140.https://doi.org/10.1007/BF02706241.
[15] Scott, D. and R. Sharp. (2002). Developing secure web applications. IEEE Internet Comput. , 6, 38-45.https://doi.org/10.1109/MIC.2002.1067735.
-
Downloads
-
How to Cite
Mohanty, S., Kumar Mohapatra, A., & Patnaik, S. (2018). A Study of major secure SDLC processes in web based applications. International Journal of Engineering & Technology, 7(2.4), 1-4. https://doi.org/10.14419/ijet.v7i2.4.10029Received date: 2018-03-10
Accepted date: 2018-03-10
Published date: 2018-03-10