Security Coding Technique for Web Applications
Main Article Content
Abstract
We propose a method that provides information-theoretic security for client-server communications. An appropriate encoding scheme based on wiretap codes is used to show how a client -server architecture under active attacks can be modeled as a binary-erasure wiretap channel. The secrecy capacity of the equivalent wiretap channel is used as a metric to optimize the architecture and limit the impact of the attacks. We also provide a method to design attack-resistant client-server architectures that are resilient and secure using wiretap codes. Specifically, the objective is not only to ensure reliable communication between client and servers in the presence of disrupted nodes, but also to guarantee that a malicious attacker hacking the packet information at compromised nodes is unable to retrieve the content of the message being exchanged. In principle, standard encryption techniques could be implemented to ensure secure communication between client and servers; however, instead of using traditional cryptographic tools to encrypt information contained in the packet, the proposed approach exploits the fact that the attacker only gets parts of the packets sent by the client. we define wiretap model as a java web application security framework in order to solve web application vulnerabilities. Wiretap model extends web application’s behavior by adding security functionalities maintaining the API and the framework specification. The security functionalities include Integrity, Editable data validation, Confidentiality, Anti-CSRF token.
Â
Â
Keywords- Client-server architecture ,Cross-site scripting, Denial of service, Host compromise attacks, Distributed DoS attack, , network security, parameter tampering, secrecy capacity, SQL Injection , vulnerabilities., wiretap channel
Downloads
Article Details
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.