Droid Mood Swing 😄

Securing web applications with secure coding practices and integrity verification

Abstract

The concept of security in web applications is not new. However, it is often ignored in the development stages of the applications. Being multitiered and spread across different domains, it is challenging to come up with a security solution that works for all web applications. Moreover, developers are more inclined to implement features and often do not practice secure coding. Therefore, countless web applications are launched with security vulnerabilities like cross-site scripting, injection attacks and resource alterations. In addition, code tampering on the client side is a serious security risk for web applications. In our opinion, integrating security features should be a part of the development process. Without practicing secure coding and having an integrity verification system in place, it is difficult to defend against security attacks. In this paper, we present a system that helps developers to implement security measures on the client-side code based on the best practices of secure coding. We also develop an integrity verification module to prevent code tampering attacks on the client side. The proposed approach can be integrated with both new and existing web applications. We implement our approach for a number of JavaScript-based applications and the results show that our approach increased the security of the applications and prevented any modifications performed on the client side.

Publication
In Proceedings of the 16th IEEE Conference on Dependable, Autonomic and Secure Computing (DASC), IEEE