Security Framework for Web Applications

Abstract

As the advancement and progression in internet technologies and computers, one of the main issue which came in the limelight is web security. Every person in the world is using internet as their daily routine but they are not aware with the risks of it. People are doing online transaction without knowing that if they don't use some security mech- anisms, someone can steal their session ids and can empty their accounts. Attackers are still able to fool people with some phishing mails which looks like a mail from their bank, asking for their account details. After every few years, Open Web Application Security Project, publishes a list of top 10 vulnerabilities which are mostly seen in web applications. The top two in the list is SQL Injection and Cross site Scripting [1]. Many websites are also hacked just because of bad le permissions are assigned to website's le and folders and attackers are easily able to put their mailicious code in some core files. There are various security mechanisms proposed, to make the websites more secure and to detect the attacks. In this paper ideas proposing a web security framework to prevent/detect the attacks related to web applications have been discussed. There are many types of authentication mechanisms available like passwords, biomet- ric (voice, face and fingerprint) etc, but passwords are easy to implement and easy for users to understand. Passwords also have many drawbacks like if passwords are short or a dictionary word, it can be easy guessed or brute forced by an attacker. It is a difficult task to create and remember passwords that are hard for an attacker to guess. So here we are also proposing a usable password generator which generates usable and memorable passwords for users.