A SHORT STUDY ON THE CURRENT STATUS OF WEB APPLICATIONS SECURITY IN AFRICA AND ACROSS THE WORLD

Authors

  • Dougesha Chady, Northampton University, in Association with Amity Global Business School, Mauritius

DOI:

https://doi.org/10.20319/mijst.2019.52.229238

Keywords:

Web Applications, Web Security, Data Theft

Abstract

This new digitalized era brings many advantages to the world of business today, as many processes are being automated through web applications to ease the fast-paced work life of people and make things faster and more efficient. However, due to weaknesses in the configuration and development of web applications, it becomes easy for hackers to identify and exploit loopholes found in web applications. For that reason, it is vital to emphasize the importance of web security. Therefore, a qualitative research methodology is used to investigate the topic. To elaborate, the aim of this paper is to identify the common causes of data theft that occurred during the last few years, especially regarding the outbreak that happened in South Africa. Finally, a few research and development efforts in the area of security, such as SQL injection, cross-site scripting and others, were examined.

Published

2019-10-19

How to Cite

Chady, D. (2019). A SHORT STUDY ON THE CURRENT STATUS OF WEB APPLICATIONS SECURITY IN AFRICA AND ACROSS THE WORLD. MATTER: International Journal of Science and Technology, 5(2), 229–238. https://doi.org/10.20319/mijst.2019.52.229238