Securing Web Applications with Secure Coding Practices and Integrity Verification

Authors

Anis, Arafa Mohd

Type

thesis

Language

eng

Keyword

Web Application Security, JavaScript, Integrity Verification

Abstract

The concept of security in web applications is not new. However, it is often ignored in the development stages of web applications. Because web applications are multitiered and spread across different domains, it is challenging to come up with a security solution that works for all of them. Moreover, under the rapid development approaches that are chosen, developers are more inclined to produce working features than to secure the code, and often do not practice secure coding. Therefore, countless web applications are launched with security vulnerabilities that manifest later in their life cycle. Integrating security features should be part of the development process for these web applications to prevent unwanted attacks. Along with cross-site scripting, injection attacks and resource alterations, code tampering on the client side is a serious security risk for web applications. Without practicing secure coding and having an integrity verification system in place, it is difficult to defend against these attacks. We present a system that integrates security measures into the client-side code, based on the best practices of secure coding and an integrity verification system. The proposed approach can be integrated with both new and existing web applications to provide security against prevalent attacks and make the client side tamper resistant. We implement our approach for JavaScript-based applications, for which security flaws are the most common.

License

CC0 1.0 Universal
Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
