A Study of major secure SDLC processes in web based applications
DOI: https://doi.org/10.14419/ijet.v7i2.4.10029
Published: 2018-03-10
Keywords: Framework, Threats, Web Applications, Web Development Cycle.
Abstract
Web applications have become important, but they face different types of security problems that could lead to tampering with details. The most common are cookie poisoning, structured query language (SQL) injection, cross-site scripting and parameter tampering. This is why most web companies today verify the type of content they receive and, most importantly, where that content originates. It follows that the major security threat has nothing to do with the Secure Socket Layer but rather with other layers in the web development program. To avoid such threats and other vulnerabilities, the initial stages of the web development cycle need to be taken care of. Thus, the main focus of this research paper is to come up with a framework that would help to strengthen the security of the various stages in the web development cycle. For this purpose, various modules and life cycles have been used.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Accepted 2018-03-10
Published 2018-03-10