Validation and Integrity Mechanism for Web Application Security
Abstract
Recently the world of web applications has witnessed a huge wave of attacks that caused many web applications to be defaced and many businesses to lose money and to lose the integrity between those companies and their users. Since web hacking became common knowledge on the Internet and most of the defacements that happen on a daily basis are carried out at random, security specialists are trying to find new solutions that will help reduce the possibility of causing much damage to web applications even after infiltration.
In this research an enhanced web application solution is proposed: a validation and integrity component that can be easily installed on any web application firewall (WAF), in order to help solve the problem mentioned, raise the level of trust between users and web application hosts/owners, and restore the data lost through hacking attempts in a simple and systematic way.
Keywords
Introduction
Recently, the usage of web applications has grown substantially, which makes it more likely that web application vulnerabilities will appear and that more hacking attempts will happen on a daily basis [1]. The development of web applications witnessed a huge revolution along with the revolution of the Internet. Web applications are becoming essential in the daily activities of people and companies [1][2]. Some of these activities involve confidential information about the user, such as credit card numbers, passwords, and money authorization transaction information.
The security of users' information is a major concern for all company owners and administrators because of the successful attacks against web applications throughout history. Many attackers may be able to compromise some web applications and access private data across the global net by exploiting several known and unknown web application vulnerabilities [3][4]. Such cyber-attacks can cause financial loss for many parties, including private companies and any other type of infrastructure. They are also a main reason for users to lose trust and integrity in many private and governmental institutions. Therefore, there is a major need to develop research and find methods for preventing and detecting any possible attack against such web-based infrastructure, securing databases, and helping make the data more private for the users. Furthermore, there is a need to take preparatory steps and create a method to restore lost data as fast as possible after an attack occurs and to help raise the integrity level of the content inside the web application.
Conclusion
This research presented a component that aims to enhance the performance of web application firewalls and reduce the possibility of causing damage after an attack occurs.
The enhanced component and phases are explained to show the process of interaction between the administrator and the installed component.
This research has made the following contributions:
Provided a solution to strengthen the integrity between the users and the web application owners.
Prevented major content losses inside the web application after the infiltration.
The proposed component can produce a report of the changes that the attacker made inside the web application.
The proposed component provides an easy and flexible solution with an easy-to-use GUI.