0% found this document useful (0 votes)

25 views8 pages

Web Application Security

The document outlines the fundamentals of web application security (WAS), detailing its purpose, common attacks, and essential tools. It provides a historical overview of software security evolution from early computing to the present, highlighting significant threats and the emergence of ethical hacking. Key concepts such as secure coding practices, encryption, and the importance of security assessments are emphasized throughout the document.

Uploaded by

ajayrajay790

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

25 views8 pages

Web Application Security

Uploaded by

ajayrajay790

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 8

NAVEEN CEO OF INDIA

UNIT 1

1. WEB APPLICATION SECURITY (WAS) OR SECURING :

PROTECTS (OR) SAFEGUARD WEBSITES AND APPLICATIONS FROM CYBERSATTACK (OR)
VULNERABILITIES .

WORKS:

 DEVELOPMENT
 TESTING
 CONTROLS
 INPUT VALIDATION
 ENCRYPTION
 AUDIT OR LOGGING
1. DEVELOPMENT
 USE SECURE CODING AND DESIGN TO AVOID VULNERABILITIES .
2. TESTING
 RUN TEST THROUGHOUT DEVELOPMENT TO FIND BUGS AND CONFIGURATION .
3. CONTROLS
 USE FIREWALLS AND CONTROLS TO PREVENT UNAUTHORIZED ACCESS
4. INPUT VALIDATION
 TO PREVENT USER INPUT FROM MALICIOUS THREAT .
5. ENCRYPTION
 PROTECT DATA INTRANSIT
6. AUDIT AND LOGGING
 KEEP TRACK OF USER ACTIVITY TO HELP IDENTIFY AND RESPOND TO OTHERS.
COMMON WEB APPLICATION ATTACKS :

 BRUTE FORCE
 CREDENTIAL STUFFING
 SQL INJECTION
 ERROR WITH SCRIPTING
 COOKIES
 POISIONING
 SESSION HIJACKING

TOOLS:

WAF(WEB APPLICATION FIREWALL )

SPECTRAL

RUNTIME APPLICATION SELF PROTECTION

FUNDAMENTALS OF WAS (OR) KEY CONCEPT OF WAS :

1. AUTHENTICATION
2. AUTHORIZATION
3. INPUT VALIDATION
4. SECURING CODING PRACTICES
5. ENCRYPTION
6. ACCESS CONTROL
7. LOGGING
8. MONETARY
9. REGULAR CACHE
10. PRINCIPAL OF
11. VULNERABILITY MANAGEMENT
12. PERFORMING SECURITY ASSESSMENT
HISTORY OF SOFTWARE SECURITY:
 IT IS A LONG AND EVOLVING STRONG SHAPE BY THE INCREASING COMPLEXITY OF COMPUTER
SYSTEM, THE RAISE OF THE INTERNET & THE NEED TO SAFEGUARD DIGITAL ASSESTS.

EARLY COMPUTING [1940-1960]:

o FIRST COMPUTER SECURITY CONCEPT :

 EARLY COMPUTING WAS PRIMARILY FOCUSED ON SOLVING MATHEMATICAL AND

SCIENTIFIC PROBLEMS .
 IN 1960’S IBM MAINFRAME STARTED BEING USED FOR BUSINESS .

APPLICATION : BASIC
 SECURITY CONCEPT LIKE PASSWORD AND ACCESS CONTROL MECHANISMS.

2.THE RISE OF PASSWORD :(1970’S) :

 ONE OF THE EARLIEST SECURITY SYSTEMS DESIGNED FOR A MULTIPLE USER ENVIRONMENT .
 UNIX SECURITY :
 AS UNIX GAINED 1970’S AND 1980’S FILE PERMISSIONS AND PASSWORD PROTECTION, WERE
INTEGRAL PART OF THE SYSTEM .

SECURITY DESIGN :
 THE BIRTH OF FIRST VIRUSES :
o IN THE EARLY 1970’S
o THE CONCEPT OF COMPUTER VIRUSES BEGAN TO EMERGE .

EXAMPLE: CREEPER VIRUSES .

3.THE ADVENT OF PUBLIC NETWORKS (1980’S):

ARPANET AND NETWORDED SECURITY :

 FIRST TIME THAT MULTIPLE COMPUTER’S WERE CONNECTED IN A NETWORKED ENVIRONMENT
ALLOW FOR REMOTE ACCESS AND VULNERABILITY .

THE MORIS WORM (1988):

 SELF REPLICATING MALWARE THAT CAUSED SIGNIFICANT DISRUPTION ACROSS THE ARPANET.

INTRODUCTION OF FIREWALLS :

AS THE NEED FOR NETWORK SECURITY INCREASED , THE CONCEPT OF FIREWALLS

MERGED TO PROTECT PRIVATE NETWORK FROM UNAUTHORIZED ACCESS.

THE 1990’S THE WEB AND HIJACKING CULUTURE EMERGES :

THE RISE OF THE WORLD WIDE WEB :

AS THE WEB BEGAN TO GAIN TRACTION, SOFTWARE VULNERABILITIES BECAME,MARE

PUBLICLY RECOGNIZED .
WEB SECURITY BECAME A SIGNIFICANT FOCUS WITH THE DEVELOPMENT OF BROWSER
BASED THREATS .

THE FIRST MAJOR MALWARE (1990’S):

 DURING THIS PERIOD , MARE SOPHISTICATED FROMS OF MALWARE INCLUDING

TROJANS ,WORMS AND VIRUS STARTED TO SPREAD RAPIDLY .

THE LOVE BUG VIRUSES (2000’S):

 FOR INSTANCE INFECTED MILLIONS OF COMPUTERS THROUGH EMAIL.

ETHICAL HACKING AND HACKER CULTURE :

 THE 1990’S SAW THE RISE OF A MORE ORGANIZED HACKER CULTURE

 INDIVIDUALS AND GROUPS STARTED TO EXPLOIT VULNERABILITIES FOR BOTH MALICIOUS
PURPOSES AND TO TEST AND IMPROVE SYSTEM SECURITY .
 ETHICAL HACKING ALSO EMERGED AS A PROFESSION .DURING THIS TIME,WHERE SECURITY
PROFESSIONALS WOULD ATTEMPT TO FIND VULNERABILITIES BEFORE MALICIOUS HACKERS
COULD .

VULNERABILITIES AND EXPLOITS:

o MANY ATTACK SUCH AS SQL INJECTION AND CROSS-SIDE SCRIPTING (XSS) WERE FIRST
RECOGNIZED IN THE 1990’S.
o THE WIDESPREAD USE OF THE INTERNET LED TO MORE SYSTEMATIC IDENTIFICATION OF
SECURITY FLOWS IN WEB APPLICATION .

THE 2000’S :THE GROWING IMPORTANCE SOFTWARE SECURITY :

THE CONCEPT OF SOFTWARE ASSURANCE :

 SOFTWARE ASSURANCE EMERGED AS AN ESSENTIAL CONCEPT, EMPHASSING THE SECURE

DESIGN, CODING AND MAINTENANCE OF APPLICATION .

WIDE SPREAD CYBER SECURITY THREATS:

ATTACKS PHISHING DENIAL OF SERVICE ATTACKS AND SPYWARE BECAME MORE COMMON AND
ORGANIZATION STARTED INVESTING MORE HEAVILY IN CYBER SECURITY TECHNOLOGIES .
ANTIVIRUS SOFTWARE AND INCLUSION DEDUCTION SYSTEM BECAME STAPLES IN ENTERPRISE
ENVIRONMENT .

BUFFER OVERFLOW ATTACKS :

o THE EXPLOITATION OF SUCH VULNERABILITIES LED TO SIGNIFICANT WAS WRITTEN WITH

DEVELOPERS STARTING TO ADOPT MORE SECURE CODING PRACTICES .

THE 2010’S CLOUD COMPUTING ,MOBILE APPS AND ADVANCED THREATS .

MOBILE SECURITY :

 THE RAPID ADOPTION OF SMART PHONES AND MOBILE APPLICATION INTRODUCED . NEW
ATTACK VECTORS SUCH AS MOBILE MALWARE AND PRIVACY CONCERNS RELATED TO
PERMISSION .
 SECURE DEVELOPMENT PRACTICE FOR MOBILE APPS,INCLUDING DATA ENCRYPTION AND APP
SAND BOXING BECAME CRITICAL.

CLOUD SECURITY :

 NEW CHALEENGES EMERGED AROUND SCARING CLOUD INFRASTRUCTURE ,DATA STORAGE

AND MULITITALENT ENVIRONMENT .
 IDENTITY AND I AM ALONG WITH ENCRYPTION BECAME CENTRAL TO CLOUD COMPUTING .
THE 2020’S :AI ZERO TRUST AND NEXT GENERATION THREATS :
ZERO TRUST ARCHITECTURE :

 THE ZERO TRUST SECURITY MODEL WERE KNOWN ENTITY TRUSTED BY DEFAULT .
 SUPPLY CHAIN ATTACKS LIFE SOL OR WIND HACK 2020 DEMONSTRATOR THE VULNERABILITIES
OF THE SOFTWARE SUPPORT CHAIN WHERE HACKERS TARGETER SOFTWARE VENDORS TO GAIN
ACCESS TO THEY CUSTOMERS NETWORKS .

PRIVACY REGULATION :

 WITH GROWING CO NCERN OVER USER PRIMARY REGULATION LIKE GDPR MN0PR (GENERAL
DATA PRODUCTION REGULATION ) IN THE YEAR 2018. AND CCPA (CALIFORNIA CONSUMER
PRIVATE ATTACK) .AT CALIFORNIA CONSUMER PRIVACY HACK BEGAN TO STRICT REQUIREMENT
FOR SECURING PERSONAL DATA .ONGOING TRENDS AND CHALLENGES. THE INTEGRATION
SECURITY PRACTICES INTO DEPARTMENT PIPELINE IS BECOMING INCREASING THE IMPORTANT .
MOMENT ENSURE THAT SECURITY IS THAT PART OF DEVELOP AND DEPLOYMENT LIFE CYCLE.

1 Security
No ratings yet
1 Security
39 pages
Google Cybersecurity Certificate - COURSE 1 NOTES
100% (1)
Google Cybersecurity Certificate - COURSE 1 NOTES
10 pages
History and Future of Cybersecurity
No ratings yet
History and Future of Cybersecurity
12 pages
Computer Security (Chapter-1)
No ratings yet
Computer Security (Chapter-1)
46 pages
Chapter 1 Security
No ratings yet
Chapter 1 Security
46 pages
Cybersecurity Essentials Guide
No ratings yet
Cybersecurity Essentials Guide
49 pages
Ias History
No ratings yet
Ias History
11 pages
Cybersecurity 101 ABeginners Guideto Protecting Your Digital Life
No ratings yet
Cybersecurity 101 ABeginners Guideto Protecting Your Digital Life
43 pages
Group 8 CyberSecurity
No ratings yet
Group 8 CyberSecurity
8 pages
Computer Security and Privacy: COSC 624
No ratings yet
Computer Security and Privacy: COSC 624
39 pages
Chapter 1
No ratings yet
Chapter 1
57 pages
Ch1 - 1 - Introduction (History, Trends Threats)
No ratings yet
Ch1 - 1 - Introduction (History, Trends Threats)
58 pages
Information Security and Assurance
No ratings yet
Information Security and Assurance
52 pages
CompTIA Security Study Guide
No ratings yet
CompTIA Security Study Guide
44 pages
Cyber Security Essentials
No ratings yet
Cyber Security Essentials
35 pages
1 Security
No ratings yet
1 Security
39 pages
Computer Security (Chapter-1)
No ratings yet
Computer Security (Chapter-1)
43 pages
Ethics and Data Security Introduction
No ratings yet
Ethics and Data Security Introduction
31 pages
Chapter 1-Introduction
No ratings yet
Chapter 1-Introduction
38 pages
Unit 1 - Introduction
No ratings yet
Unit 1 - Introduction
42 pages
Computer Security Basics & History
No ratings yet
Computer Security Basics & History
51 pages
EFFECTS AND CONTRIBUTIONS OF COMPUTER Since Then Until Now in Modern Society
No ratings yet
EFFECTS AND CONTRIBUTIONS OF COMPUTER Since Then Until Now in Modern Society
3 pages
Cybersecurity Study Notes Guide
No ratings yet
Cybersecurity Study Notes Guide
6 pages
Cyber Security (Ahsan Khan and Shoaib Riaz
No ratings yet
Cyber Security (Ahsan Khan and Shoaib Riaz
15 pages
IS Chap 2
No ratings yet
IS Chap 2
41 pages
IT Security Essentials for BSCS Students
No ratings yet
IT Security Essentials for BSCS Students
5 pages
DIS Unit 1
No ratings yet
DIS Unit 1
24 pages
2.4.1 - Intro To Cyber Security
No ratings yet
2.4.1 - Intro To Cyber Security
39 pages
Was Notes
No ratings yet
Was Notes
257 pages
Computer and Network Security: Dr. Ron Rymon Efi Arazi School of Computer Science IDC, Herzliya. 2009/10
No ratings yet
Computer and Network Security: Dr. Ron Rymon Efi Arazi School of Computer Science IDC, Herzliya. 2009/10
36 pages
CW3551-DIS-UNIT-1 Notes
No ratings yet
CW3551-DIS-UNIT-1 Notes
22 pages
5 - Computer Crime
No ratings yet
5 - Computer Crime
58 pages
Increasing Complexity Increases Vulnerability
No ratings yet
Increasing Complexity Increases Vulnerability
25 pages
DIS 5 Unit Notes, QB, Univ Ques
No ratings yet
DIS 5 Unit Notes, QB, Univ Ques
129 pages
Info Security Chapter 1 CYS
No ratings yet
Info Security Chapter 1 CYS
8 pages
Cyber Sec
No ratings yet
Cyber Sec
53 pages
CS Chapter 1 and 2
No ratings yet
CS Chapter 1 and 2
54 pages
Session13&14 Computing&SecuringIS
No ratings yet
Session13&14 Computing&SecuringIS
53 pages
Web App Security Evolution
No ratings yet
Web App Security Evolution
37 pages
2 - Introduction - Week 2
No ratings yet
2 - Introduction - Week 2
36 pages
3 Topics Remaining
No ratings yet
3 Topics Remaining
119 pages
OladejoAO Mini Project1
No ratings yet
OladejoAO Mini Project1
3 pages
CH 1
No ratings yet
CH 1
33 pages
1 Introduction - I Updated
No ratings yet
1 Introduction - I Updated
84 pages
UNIT-2 cw3551
No ratings yet
UNIT-2 cw3551
30 pages
Unit 7
No ratings yet
Unit 7
43 pages
Why You Need Cyber Security:-The Protection of Data, Networks and Computing Power. The Protection of Data
No ratings yet
Why You Need Cyber Security:-The Protection of Data, Networks and Computing Power. The Protection of Data
4 pages
Article On Security - Technical - Final
No ratings yet
Article On Security - Technical - Final
2 pages
Info Security S2 2023 Week 2 Slides
No ratings yet
Info Security S2 2023 Week 2 Slides
81 pages
Network Security: Dr. Imran Rashid
No ratings yet
Network Security: Dr. Imran Rashid
83 pages
Chapter 1
No ratings yet
Chapter 1
36 pages
Cyber Security 2-20
No ratings yet
Cyber Security 2-20
19 pages
DIS Unit 1 Notes
No ratings yet
DIS Unit 1 Notes
25 pages
1 2 2 Internet
No ratings yet
1 2 2 Internet
17 pages
Unit No: 2 Computer and Internet Crime
No ratings yet
Unit No: 2 Computer and Internet Crime
49 pages
INFORMATION SECURITY - Information Security Unit 1-5
No ratings yet
INFORMATION SECURITY - Information Security Unit 1-5
35 pages
openQRM User Guide
No ratings yet
openQRM User Guide
74 pages
Informatica
No ratings yet
Informatica
5 pages
AutoCAD Chapter 4 Questions
No ratings yet
AutoCAD Chapter 4 Questions
8 pages
RTM Sit Status 30-04
No ratings yet
RTM Sit Status 30-04
10 pages
AP CALC BC Unit 1 Progress Check: FRQ Part B
No ratings yet
AP CALC BC Unit 1 Progress Check: FRQ Part B
3 pages
CDintroduction
No ratings yet
CDintroduction
32 pages
Untas Herianto, ST
No ratings yet
Untas Herianto, ST
6 pages
Cec005-Cec41s4 SQL3 Manapao
No ratings yet
Cec005-Cec41s4 SQL3 Manapao
2 pages
Krishneeyam of Sree Krishna Achaarya: PDF-KOSKA-9-2 - 42 Pages - Size 2,769 KB - 5 Jan, 2015
No ratings yet
Krishneeyam of Sree Krishna Achaarya: PDF-KOSKA-9-2 - 42 Pages - Size 2,769 KB - 5 Jan, 2015
2 pages
Gear Pump Performance Analysis
No ratings yet
Gear Pump Performance Analysis
9 pages
Ultrasonic Pulse Controls
No ratings yet
Ultrasonic Pulse Controls
4 pages
Grade 2 Revision Sheet (Model Answer) 2
No ratings yet
Grade 2 Revision Sheet (Model Answer) 2
13 pages
Apb-Uart Vip
No ratings yet
Apb-Uart Vip
10 pages
AI For Marketing
No ratings yet
AI For Marketing
198 pages
APILE 2019 Users Manual
No ratings yet
APILE 2019 Users Manual
163 pages
Hardware and Software Requirement, Assemble, Setup Microcomputer, Computer Systems
No ratings yet
Hardware and Software Requirement, Assemble, Setup Microcomputer, Computer Systems
5 pages
Easy List
No ratings yet
Easy List
694 pages
HQ Online Interpreter School Syllabus 102023 V 1.2
No ratings yet
HQ Online Interpreter School Syllabus 102023 V 1.2
3 pages
SM-A530F SVC Guide - F PDF
No ratings yet
SM-A530F SVC Guide - F PDF
30 pages
My1050a-P 0
No ratings yet
My1050a-P 0
5 pages
Re Fix Match
No ratings yet
Re Fix Match
11 pages
Cisco SONA Framework & Network Design
No ratings yet
Cisco SONA Framework & Network Design
9 pages
Lab Report
No ratings yet
Lab Report
10 pages
Thermal Optimization On Incubator Using Fuzzy Inference System Based IoT
No ratings yet
Thermal Optimization On Incubator Using Fuzzy Inference System Based IoT
5 pages
B. Sc. in Information Technology-2024-28 Syllabus
No ratings yet
B. Sc. in Information Technology-2024-28 Syllabus
15 pages
JavaScript Basics for Web Development
No ratings yet
JavaScript Basics for Web Development
28 pages
LoRa Networking in Mobile Scenarios Using UAV
No ratings yet
LoRa Networking in Mobile Scenarios Using UAV
108 pages
Definity: Enterprise Communications Server
No ratings yet
Definity: Enterprise Communications Server
2,350 pages
BCS401
100% (1)
BCS401
2 pages
Bharatiya Antariksh Hackathon 2025 Idea Submission
No ratings yet
Bharatiya Antariksh Hackathon 2025 Idea Submission
17 pages