MITS5004 - Evaluation of Web Application Security Risks and Design

Running Head: APPLICATION SECURITY
Course Title:
Course Code:
Assignment title: Application Security
Paper reported on: Evaluation of Web Application Security Risks and Secure Design Patterns
Authors: Asish Kumar Dalai and Sanjay Kumar Jena
Student Name:
Student ID Number:
Instructor's Name:
Institutional Affiliation:
Date:
ABSTRACT
Security is one of the critical concerns in web development for businesses and other innovators,
because websites are now used extensively across many kinds of business and innovative fields [2].
Most attacks on web applications result from the developers of the application failing to treat
security as a significant concern. In other cases, attacks exploit security flaws introduced while
the application was being designed and developed [5]. Such flaws have, in most cases, served as
the channel through which attackers gain unauthorized access to the business's systems [4].
Enforcing a high standard of security throughout the software development life cycle can reduce
the high cost, and the effort, of retrofitting security features at a late stage of the process.
With these attacks in mind, several attempts have been made to define security patterns [1]. In
this paper, existing security patterns are analyzed, application vulnerabilities are classified,
and each vulnerability is paired with the security feature that addresses it [3].
INTRODUCTION
Many developers have chosen the web as their prime platform for designing and deploying
applications because of its cross-platform compatibility. The authors take into consideration the
several advancements web applications have undergone with minimal supporting technologies, web
services and Ajax being two examples [14]. At the same time, the number of attacks on web
applications has risen alarmingly alongside these technological advancements. Traditional
approaches to the software development life cycle may therefore be unsuitable where the security
of the web application is a major consideration [13]. This means that writing secure code, or
testing an existing system to demonstrate that attackers cannot easily break into it, is of great
importance, since it improves the security of the data kept by that business and
ensures that its files are inaccessible to attackers. Additionally, making appropriate use of the
security designs available for a particular context can significantly reduce the opportunities
attackers have to reach the business's data systems [11]. A significant number of attempts have
been made to produce appropriate and elaborate descriptions of the features contained in security
patterns. Software developers can use these descriptions to build functionality that makes a
specific piece of software harder for unauthorized persons to access. This can be of great
importance in web development, but choosing the right pattern for a given situation is
challenging [6].
The primary purpose of this report is to highlight the developments that have taken place in
application development to make applications more secure against attackers and unauthorized
access. The paper studies the existing work on security patterns in detail, characterizes the
vulnerabilities that can arise during web development and management, and attempts to provide a
suitable pattern for resolving each vulnerability [15]. This serves as a starting point for future
research on security patterns in web development. The paper also gives direction and a framework
for what future innovators and software developers need to address and expect when undertaking
this kind of work. It elaborates the origin and growth of design patterns in web development,
discusses the security patterns that make up the related work, highlights familiar sources of
vulnerabilities together with their classification, and closes with a conclusion on the
findings [10].
INTENTIONS OF THE PAPER
Design patterns
Design patterns are reusable solutions to commonly occurring design problems. They are valuable
because they capture and extend expert knowledge about software development and improve the user
experience. Numerous templates are applied across the software development life cycle to prevent,
by all possible means, the recurrence of past failures in software development [8]. The idea of
design patterns originated in civil architecture, where its aim was the modeling of individual
buildings and towns. The concept was later incorporated into software engineering, where it helped
innovators produce various forms of software application that improve the user's experience of a
website [11]. Accumulated experience and knowledge of software development have served as a means
of modeling solutions to specific problems encountered online, while making it easier to handle a
large volume of online tasks. Developers can therefore put these innovations into practice and
improve on them to produce software and applications that are up to date and meet customer
demands. A design pattern becomes a security design pattern when it is intended specifically to
solve significant security problems encountered in software development and is used to resolve
security issues in applications [12].
A pattern can be characterized as an appropriate solution to a particular problem that recurs
within a specific context of application development [9]. A pattern not only describes a precise
solution but also explains the background and the problem for which the design is used, and it can
be elaborated with an appropriate diagram or illustration. Chess et al. [5] proposed a template
comprising four main features: the pattern name, its intent, its applicability, and related
functions. Huang et al. [8] later proposed an extension of this template to allow more elaborate
details of the pattern design. Afterward, a standard model was established by Dougherty et al. [4]
that helps in the
process of facilitating a proper understanding of the vital concepts and allows developers to
quickly produce innovations and build applications in their own software contexts.
A considerable amount of research has been done in this field over time, providing essential
constructive assistance in the form of worked solutions, together with appropriate guidance on
where they apply [12].
Security risk assessment of web applications
The browser and the web server perform numerous tasks to render the page that appears on every
user's screen. Despite this positive impact, the same machinery has side effects: it has served as
a way for attackers to access business-sensitive user data, harming the performance of the business
and forcing experts to focus research in this field on measures that increase data security and
make it harder for attackers to slip in [13]. The three major classes of vulnerability that need
attention and significant consideration are security vulnerabilities, technical vulnerabilities,
and configurational vulnerabilities [9].
Technical vulnerabilities result from technical flaws in the code itself, and they can lead to
severe attacks on the web application [14]. Examples of such attacks are injection attacks,
cross-site request forgery (CSRF) and cross-site scripting (XSS), among others [15].
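The following Python program is an illustration added to this report; it is not code from Dalai and Jena's paper. It shows the three technical flaws named above, injection, XSS and CSRF, each as the vulnerable routine beside its hardened counterpart. The users table, the attack payloads, and the dict standing in for a server-side session are all constructed for the demonstration, and the function names are hypothetical.

```python
"""Added illustration (not from Dalai and Jena's paper): three of the
"technical vulnerabilities" named in the report, shown as the flawed code
next to the hardened form. Every input below is constructed for the demo."""
import html
import hmac
import secrets
import sqlite3


def demo_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# --- Injection: string-built SQL versus a bound parameter -----------------
def lookup_role_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # User text is spliced into the SQL, so it can change the query's meaning.
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_role_safe(conn: sqlite3.Connection, name: str) -> list:
    # The driver binds the value; the SQL parser never sees it as SQL.
    rows = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- XSS: raw interpolation into HTML versus context-aware escaping -------
def render_greeting_vulnerable(user_input: str) -> str:
    # Markup in user_input is emitted verbatim and runs in the victim's browser.
    return f"<p>Hello, {user_input}</p>"


def render_greeting_safe(user_input: str) -> str:
    # html.escape neutralises <, >, & and both quote characters for an HTML
    # text or attribute context (URL and JavaScript contexts need other encoders).
    return f"<p>Hello, {html.escape(user_input, quote=True)}</p>"


# --- CSRF: cookie-only authorisation versus a per-session token -----------
def issue_csrf_token(session: dict) -> str:
    # Hypothetical session store: a dict standing in for server-side state.
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def transfer_vulnerable(session: dict, form: dict) -> str:
    # Relies only on the ambient cookie, so a form auto-submitted from an
    # attacker's page by the victim's browser is indistinguishable from a
    # legitimate one.
    return f"transferred {form['amount']} to {form['to']}"


def transfer_safe(session: dict, form: dict) -> str:
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected: missing or invalid CSRF token"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    conn = demo_db()
    payload = "x' OR '1'='1"                       # constructed injection payload
    print(lookup_role_vulnerable(conn, payload))   # every role leaks
    print(lookup_role_safe(conn, payload))         # no rows

    script = "<script>alert(1)</script>"           # constructed XSS payload
    print(render_greeting_vulnerable(script))
    print(render_greeting_safe(script))

    session = {}
    token = issue_csrf_token(session)
    forged = {"amount": "1000", "to": "mallory"}   # no token: a cross-site post
    print(transfer_vulnerable(session, forged))
    print(transfer_safe(session, forged))
    print(transfer_safe(session, {**forged, "csrf_token": token}))
```

Each pair isolates one property: the injection fix keeps attacker data out of the SQL grammar, the XSS fix encodes for the output context rather than trying to blacklist input, and the CSRF fix demands evidence (the token) that the request originated from a page the server itself rendered for that session.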
Configurational vulnerabilities result from architectural flaws in the system. At times the
security goals are not documented properly, and so server configuration flaws remain, leading to
several risks in the system [7].
Security-based vulnerabilities are those resulting from flaws at the transport layer that lead to
failures in the application. A good example of such a flaw is a denial of service against the
central server [8].
CONCLUSION
In conclusion, this paper has analyzed various related works in web application security. In the
standard template [4], there are pattern designs that have been stipulated to be followed.
Additionally, vulnerabilities have been classified into their respective categories and elaborated
in detail. A pairing between each type of vulnerability and an appropriate pattern has been made
and elaborated in the paper, which may be of great importance to system developers, as seen
in [12]. Following this, future research will address the patterns needed for some critical
issues, among them denial of service and cryptography.
References
[1] Almorsy, Mohamed, J. Grundy, and I. Müller. "An analysis of the cloud computing security
problem.", 2016.
[2] Balasubramanian, Sembian. "Application security framework." U.S. Patent 9,098,680, issued
August 4, 2015.
[3] Brucker, D. Achim, and T. Deuster. "Modular static application security testing." U.S. Patent
9,305,168, issued April 5, 2016.
[4] C. Dougherty, K. Sayre, R. C. Seacord, D. Svoboda, and K. Togashi. Secure Design Patterns.
Software Engineering Institute, 2009.
[5] Chess, V. Brian, I. Ragoler, P. Edward Hamer, R. Andrew Spitler, S. Patrick Fay, and P.
Subbash Jagdale. "Application security testing." U.S. Patent 9,501,650, issued November
22, 2016.
[6] D. Corin, Roberto, S.S. Hayward, D. Siracusa, M. Savi, and E. Salvadori. "Dynamic and
application-aware provisioning of chained virtual security network functions.", 2019.
[7] D. Santos, A. Pedro, F. Fortuna, R. Miguel, S. Ribeiro, F. Manuel, and G. Silva. "System and
method for web application security." U.S. Patent 9,979,726, issued May 22, 2018.
[8] Huang, H. Chuan, Z. K. Zhang, H. K. Cheng, and S. Winston Shieh. "Web application
security: threats, countermeasures, and pitfalls.", 2017.
[9] Jevans, D. Alexander, and S. Kumar Basandra. "Systems and methods for application
security analysis." U.S. Patent 9,967,278, issued May 8, 2018.
[10] Johansson, J. Mikael, and E. J. Brandwine. "Dynamic application security verification."
U.S. Patent 9,591,003, issued March 7, 2017.
[11] OWASP. OWASP Top 10 Application Security Risks - 2010.
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
[12] Pranata, Sunderi, and H. T. Nugroho. "2FYSH: two-factor authentication you should have
for password replacement.", 2019.
[13] Roichman, Alexander, M. Siman, and S. Eshkenazi. "Integrated interactive application
security testing." U.S. Patent Application 10/387,656, filed August 20, 2019.
[14] Salva, Sébastien, and L. Regainia. "A catalogue associating security patterns and attack
steps to design secure applications." Journal of Computer Security Preprint, 2019.
[15] Sridevi, M., and K. V. N. Sunitha. "A Hybrid Framework for Secure Web Applications."
In International Conference on Intelligent Computing and Communication Technologies,
pp. 140-151. Springer, Singapore, 2019.