Web Programming and Security Introduction - World Wide Web has evolved from a sy

Question

Web Programming and Security

Introduction -      

World Wide Web has evolved from a system that delivers static pages to a platform that supports distributed applications, known as web applications and become one of the most prevalent technologies for information and service delivery over Internet. The increasing popularity of web application can be attributed to several factors, including remote accessibility, cross-platform compatibility, fast development, etc. The AJAX (Asynchronous JavaScript and XML) technology also enhances the user experiences of web applications with better interactivity and responsiveness.

As web applications are increasingly used to deliver security critical services, they become a valuable target for security attacks. Many web applications interact with back-end database systems, which may store sensitive information (e.g., financial, health), the compromise of web applications would result in breaching an enormous amount of information, leading to severe economical losses, ethical and legal consequences. A breach report from a reputed telephone company shows that web applications now reign supreme in both the number of breaches and the amount of data compromised.

Statement of the problem-

The Web platform is a complex ecosystem composed of a large number of components and technologies, including HTTP protocol, web server and server-side application development technologies, web browser and client-side technologies. Web application built and hosted upon such a complex infrastructure faces inherent challenges posed by the features of those components and technologies and the inconsistencies among them. Current widely-used web application development and testing frameworks, on the other hand, offer limited security support. Thus secure web application development is an error prone process and requires substantial efforts, which could be unrealistic under time-to-market pressure and for people with insufficient security skills or awareness. As a result, a high percentage of web applications deployed on the Internet are exposed to security vulnerabilities. According to a report by the Web Application Security Consortium, about 49% of the web applications being reviewed contain vulnerabilities of high risk level and more than 13% of the websites can be compromised completely automatically. A recent report reveals that over 80% of the websites on the Internet have had at least one serious vulnerability.

Past research and experience reveal that different tools can have different effects on application security. The software engineering and software development communities have seen that an effective way to preclude buffer overflow vulnerabilities when developing a new application is to simply use a language that offers automatic memory management.

Rationale-

Challenges in the web security landscape:-

(A)Fine-grained access control.- Fine-grained access control policies define how the application authenticates and authorizes end users, from which application contexts the application can be consulted, and which interaction sequences maintain the application’s integrity (i.e. control-flow integrity). Our objective was to address a range of questions from formal foundation of authentication policies and protocols to the practicalities of authentication such as secure session management.

(B)Information-flow control.- Information-flow control specifies how sensitive data, possibly originating from multiple content providers in multiple trust domains, can be used in data aggregations, and client-side and server-side processing as is typically done in mashups. Challenges here include reconciling information-flow policies from several involved parties, with possibly conflicting goals. Moreover, tracking end-to-end information flow in web applications remains an open question. Our objective was to establish an enhanced understanding of how to make information-flow control policies and mechanisms practical in a web setting.

(C)Secure composition.- Secure composition policies specify how active third-party components, for instance written in JavaScript, can be securely integrated into applications via clientside and server-side mashups. By nature, web mashups heavily depend on interaction and communication across different origins, but contradictory, mashup security relies on separation techniques for protecting both code and data. As a result, traditional HTML techniques (mainly based on the same-origin policies) fail to address both the interaction and separation needs. We wanted to explore principled approaches to achieve the delicate balance between interaction and separation in security composition.

(D)Cross-domain interaction.- One of the original and still unresolved problems of the web is the inherent incompatibility between the cross-domain nature of the hyperlink and the same-origin security policy of its active content. In the recent past the situation has become even more complex with the introduction of client-side primitives for cross-domain interaction, such as CORS. Our objective was to assess the impact of current developments and identify promising directions for solutions.

(E)Recent advances in JavaScript and HTML5.- There are several technological advances in the latest versions of JavaScript (such as strict mode, frozen objects, proxies and SES), that might contribute to the security of web applications. In addition, the research community did make important steps forward in understanding and improving the language by formalizing its semantics. At the same time, web specification (including HTML5 and CSP) are adding tons of new features as well as security measures as part of the browsing environment. Our objective was to have an enhanced understanding of the latest trends and research advances in JavaScript and HTML5 with respect to security.

Review of the Literature-

It can focus on the problem of building secure web applications and protecting vulnerable ones. The contributions of this paper are:

(1) We present three aspects in web application development, which poses inherent challenges for building secure web applications, and identify three levels of security properties that a secure web application should hold: input validity, state integrity and logic correctness. Failure of web applications to fulfill the above security properties is the root cause of corresponding vulnerabilities, which allow for successful exploits.

(2) We classify existing research works into three categories: security by construction, security by verification and security by protection, based on their design principle (i.e., constructing vulnerability-free web applications, identifying and fixing vulnerabilities, or protecting vulnerable web applications against exploits at runtime, respectively) and how security properties are assured at different phases in the life cycle of web application. We are not trying to enumerate all the existing works but have covered most of the represented works.

(3) We identify several open issues that are insufficiently addressed in the existing literature. We also discuss future research opportunities in the area of web application security and the new challenges that are expected ahead. We structure the rest of this paper as follows. Then, we illustrate three essential security properties that a secure web application should hold, as well as corresponding vulnerabilities and attack vectors.we categorize and illustrate the state-of-theart of proposed techniques systematically.

Discussion-    

A secure web application has to satisfy desired security properties under the given threat model. In the area of Web application security , the following threat is usually considered:-                                                                                                                                                                          

The web application itself is benign (i.e., not hosted or owned for malicious purposes) and hosted on a trusted and hardened infrastructure i.e., the trust computing base, including OS, web server, interpreter, etc.

The attacker is able to manipulate either the contents or the sequence of web requests sent to the web application, but cannot directly compromise the infrastructure or the application code. The vulnerabilities within web application implementations may violate the intended security properties and allow for corresponding successful exploits.

A secure web application should preserve the following stack of security properties. Input validity means the user input should be validated before it can be utilized by the web application; state integrity means the application state should be kept untampered; logic correctness means the application logic should be executed correctly as intended by the developers. The above three security properties are related in a way that failure in preserving a security property at the lower level will affect the assurance of the security property at a higher level. For instance, if the web application fails to hold the input validity property, a cross site scripting attack can be launched by the attacker to steal the victim’s session cookie. Then, the attacker can hijack and tamper the victim’s web session, resulting in the violation of state integrity property. In the following sections, we describe the three security properties and show how the unique features of web application development complicate the security design for web applications. Given the threat model, user input data cannot be trusted. However, for the untrusted user data to be used in the application (e.g., composing web response or SQL queries), they have to be first validated. Thus, we refer to this security property as input validity property. All the user input should be validated correctly to ensure it is utilized by the web application in the intended way.

Ensuring logic correctness is key to the functioning of web applications. Since the application logic is specific to each web application, it is impossible to cover all the aspects by one description. Instead, a general description that covers most common application functionalities is given as follows, which we refer to as logic correctness property. Users can only access authorized information and operations and are enforced to follow the intended workflow provided by the web application.

Conclusions and Suggestions for Future Research-

This paper provided a comprehensive survey of recent research results in the area of web application security. We described unique characteristics of web application development, identified important security properties that secure web applications should preserve and categorized existing works into three major classes. We also pointed out several open issues that still need to be addressed. Web applications have been evolving extraordinarily fast with new programming models and technologies emerging, resulting in an ever-changing landscape for web application security with new challenges, which requires substantial and sustained efforts from security researchers. We outline several evolving trends and point out several pioneering works as follows. First, an increasing amount of application code and logic is moving to the client side, which brings new security challenges. Since the client-side code is exposed, the attacker is able to gain more knowledge about the application, thus more likely to compromise the server-side application state. Web applications is becoming more and more complex, which further exacerbates the absence of formal verification and robust protection mechanisms for application logic.

For example, when multiple web applications are integrated through APIs, their interactions may expose logic vulnerabilities. Third, an increasing number of web applications are embedding third-party programs or extensions, e.g., iGoogle gadgets, Facebook games etc. To automatically verify the security of third-party applications and securely integrate them is nontrivial. Last but not least, new types of attacks are always emerging, e.g., HTTP parameter pollution attack, which requires security professionals to quickly react without putting a huge number of web applications at risk.

References-

[1] Verizon 2010 Data Breach Investigations Report, “http://www.verizonbusiness.com/resources/reports/rp 2010-databreach-report en xg.pdf.”

[2] Web Application Security Statistics, “http://projects.webappsec.org/w/page/13246989/WebApplication SecurityStatistics.”

[3] WhiteHat Security, “WhiteHat website security statistic report 2010.”

Please extend this document and add more content and update it. to fill atleast 5 pages

Explanation / Answer

Web Programming and Security

Introduction -      

World Wide Web has evolved from a system that delivers static pages to a platform that supports distributed applications, known as web applications and become one of the most prevalent technologies for information and service delivery over Internet. The increasing popularity of web application can be attributed to several factors, including remote accessibility, cross-platform compatibility, fast development, etc. The AJAX (Asynchronous JavaScript and XML) technology also enhances the user experiences of web applications with better interactivity and responsiveness.

As web applications are increasingly used to deliver security critical services, they become a valuable target for security attacks. Many web applications interact with back-end database systems, which may store sensitive information (e.g., financial, health), the compromise of web applications would result in breaching an enormous amount of information, leading to severe economical losses, ethical and legal consequences. A breach report from a reputed telephone company shows that web applications now reign supreme in both the number of breaches and the amount of data compromised.

Web sites are unfortunately prone to security risks. And so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk.

Web servers by design open a window between your network and the world. The care taken with server maintenance, web application updates and your web site coding will define the size of that window, limit the kind of information that can pass through it and thus establish the degree of web security you will have.

Statement of the problem-

The Web platform is a complex ecosystem composed of a large number of components and technologies, including HTTP protocol, web server and server-side application development technologies, web browser and client-side technologies. Web application built and hosted upon such a complex infrastructure faces inherent challenges posed by the features of those components and technologies and the inconsistencies among them. Current widely-used web application development and testing frameworks, on the other hand, offer limited security support. Thus secure web application development is an error prone process and requires substantial efforts, which could be unrealistic under time-to-market pressure and for people with insufficient security skills or awareness. As a result, a high percentage of web applications deployed on the Internet are exposed to security vulnerabilities. According to a report by the Web Application Security Consortium, about 49% of the web applications being reviewed contain vulnerabilities of high risk level and more than 13% of the websites can be compromised completely automatically. A recent report reveals that over 80% of the websites on the Internet have had at least one serious vulnerability.

Past research and experience reveal that different tools can have different effects on application security. The software engineering and software development communities have seen that an effective way to preclude buffer overflow vulnerabilities when developing a new application is to simply use a language that offers automatic memory management.

"Web security" is relative and has two components, one internal and one public. Your relative security is high if you have few network resources of financial value, your company and site aren't controversial in any way, your network is set up with tight permissions, your web server is patched up to date with all settings done correctly, your applications on the web server are all patched and updated, and your web site code is done to high standards.

Your web security is relatively lower if your company has financial assets like credit card or identity information, if your web site content is controversial, your servers, applications and site code are complex or old and are maintained by an underfunded or outsourced IT department. All IT departments are budget challenged and tight staffing often creates deferred maintenance issues that play into the hands of any who want to challenge your web security.

If you have assets of importance or if anything about your site puts you in the public spotlight then your web security will be tested. We hope that the information provided here will prevent you and your company from being embarrassed - or worse.

It's well known that poorly written software creates security issues. The number of bugs that could create web security issues is directly proportional to the size and complexity of your web applications and web server. Basically, all complex programs either have bugs or at the very, least weaknesses. On top of that, web servers are inherently complex programs. Web sites are themselves complex and intentionally invite ever greater interaction with the public. And so the opportunities for security holes are many and growing.

Technically, the very same programming that increases the value of a web site, namely interaction with visitors, also allows scripts or SQL commands to be executed on your web and database servers in response to visitor requests. Any web-based form or script installed at your site may have weaknesses or outright bugs and every such issue presents a web security risk.

Contrary to common knowledge the balance between allowing web site visitors some access to your corporate resources through a web site and keeping unwanted visitors out of your network is a delicate one. There is no one setting, no single switch to throw that sets the security hurdle at the proper level. There are dozens of settings if not hundreds in a web server alone, and then each service, application and open port on the server adds another layer of settings. And then the web site code... you get the picture.

Add to that the different permissions you will want to grant visitors, prospects, customers, partners and employees. The number of variables regarding web security rapidly escalates.

A web security issue is faced by site visitors as well. A common web site attack involves the silent and concealed installation of code that will exploit the browsers of visitors. Your site is not the end target at all in these attacks. There are, at this time, many thousands of web sites out there that have been compromised. The owners have no idea that anything has been added to their sites and that their visitors are at risk. In the meantime visitors are being subject to attack and successful attacks are installing nasty code onto the visitor's computers.

Rationale-

Challenges in the web security landscape:-

(A)Fine-grained access control.- Fine-grained access control policies define how the application authenticates and authorizes end users, from which application contexts the application can be consulted, and which interaction sequences maintain the application’s integrity (i.e. control-flow integrity). Our objective was to address a range of questions from formal foundation of authentication policies and protocols to the practicalities of authentication such as secure session management.

(B)Information-flow control.- Information-flow control specifies how sensitive data, possibly originating from multiple content providers in multiple trust domains, can be used in data aggregations, and client-side and server-side processing as is typically done in mashups. Challenges here include reconciling information-flow policies from several involved parties, with possibly conflicting goals. Moreover, tracking end-to-end information flow in web applications remains an open question. Our objective was to establish an enhanced understanding of how to make information-flow control policies and mechanisms practical in a web setting.

(C)Secure composition.- Secure composition policies specify how active third-party components, for instance written in JavaScript, can be securely integrated into applications via clientside and server-side mashups. By nature, web mashups heavily depend on interaction and communication across different origins, but contradictory, mashup security relies on separation techniques for protecting both code and data. As a result, traditional HTML techniques (mainly based on the same-origin policies) fail to address both the interaction and separation needs. We wanted to explore principled approaches to achieve the delicate balance between interaction and separation in security composition.

(D)Cross-domain interaction.- One of the original and still unresolved problems of the web is the inherent incompatibility between the cross-domain nature of the hyperlink and the same-origin security policy of its active content. In the recent past the situation has become even more complex with the introduction of client-side primitives for cross-domain interaction, such as CORS. Our objective was to assess the impact of current developments and identify promising directions for solutions.

(E)Recent advances in JavaScript and HTML5.- There are several technological advances in the latest versions of JavaScript (such as strict mode, frozen objects, proxies and SES), that might contribute to the security of web applications. In addition, the research community did make important steps forward in understanding and improving the language by formalizing its semantics. At the same time, web specification (including HTML5 and CSP) are adding tons of new features as well as security measures as part of the browsing environment. Our objective was to have an enhanced understanding of the latest trends and research advances in JavaScript and HTML5 with respect to security.

Review of the Literature-

It can focus on the problem of building secure web applications and protecting vulnerable ones. The contributions of this paper are:

(1) We present three aspects in web application development, which poses inherent challenges for building secure web applications, and identify three levels of security properties that a secure web application should hold: input validity, state integrity and logic correctness. Failure of web applications to fulfill the above security properties is the root cause of corresponding vulnerabilities, which allow for successful exploits.

(2) We classify existing research works into three categories: security by construction, security by verification and security by protection, based on their design principle (i.e., constructing vulnerability-free web applications, identifying and fixing vulnerabilities, or protecting vulnerable web applications against exploits at runtime, respectively) and how security properties are assured at different phases in the life cycle of web application. We are not trying to enumerate all the existing works but have covered most of the represented works.

(3) We identify several open issues that are insufficiently addressed in the existing literature. We also discuss future research opportunities in the area of web application security and the new challenges that are expected ahead. We structure the rest of this paper as follows. Then, we illustrate three essential security properties that a secure web application should hold, as well as corresponding vulnerabilities and attack vectors.we categorize and illustrate the state-of-theart of proposed techniques systematically.

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications.

Goals

Discussion-    

A secure web application has to satisfy desired security properties under the given threat model. In the area of Web application security , the following threat is usually considered:-                                                                                                                                                                          

The web application itself is benign (i.e., not hosted or owned for malicious purposes) and hosted on a trusted and hardened infrastructure i.e., the trust computing base, including OS, web server, interpreter, etc.

The attacker is able to manipulate either the contents or the sequence of web requests sent to the web application, but cannot directly compromise the infrastructure or the application code. The vulnerabilities within web application implementations may violate the intended security properties and allow for corresponding successful exploits.

A secure web application should preserve the following stack of security properties. Input validity means the user input should be validated before it can be utilized by the web application; state integrity means the application state should be kept untampered; logic correctness means the application logic should be executed correctly as intended by the developers. The above three security properties are related in a way that failure in preserving a security property at the lower level will affect the assurance of the security property at a higher level. For instance, if the web application fails to hold the input validity property, a cross site scripting attack can be launched by the attacker to steal the victim’s session cookie. Then, the attacker can hijack and tamper the victim’s web session, resulting in the violation of state integrity property. In the following sections, we describe the three security properties and show how the unique features of web application development complicate the security design for web applications. Given the threat model, user input data cannot be trusted. However, for the untrusted user data to be used in the application (e.g., composing web response or SQL queries), they have to be first validated. Thus, we refer to this security property as input validity property. All the user input should be validated correctly to ensure it is utilized by the web application in the intended way.

Ensuring logic correctness is key to the functioning of web applications. Since the application logic is specific to each web application, it is impossible to cover all the aspects by one description. Instead, a general description that covers most common application functionalities is given as follows, which we refer to as logic correctness property. Users can only access authorized information and operations and are enforced to follow the intended workflow provided by the web application.

Your web applications are under siege. Cyber-criminals attack around the clock, steal data, disrupt access, and compromise website credentials to commit further fraud. Next generation firewalls, Intrusion Prevention Systems and other traditional network security controls don’t stop the latest industrialized, multi-vector attacks, leaving your organization exposed to costly and damaging breaches and downtime. Web Application Security solutions from Imperva enable you to prevent breaches and downtime by protecting your data where it’s accessed – your web applications – securing them against web attacks, DDoS, site scraping, and fraud.

Secure web application development should be enhanced by applying security checkpoints and techniques at early stages of development as well as throughout the software development lifecycle. Special emphasis should be applied to the coding phase of development. Security mechanisms that should be used include, threat modeling, risk analysis, static analysis, digital signature, among others.

Conclusions and Suggestions for Future Research-

This paper provided a comprehensive survey of recent research results in the area of web application security. We described unique characteristics of web application development, identified important security properties that secure web applications should preserve and categorized existing works into three major classes. We also pointed out several open issues that still need to be addressed. Web applications have been evolving extraordinarily fast with new programming models and technologies emerging, resulting in an ever-changing landscape for web application security with new challenges, which requires substantial and sustained efforts from security researchers. We outline several evolving trends and point out several pioneering works as follows. First, an increasing amount of application code and logic is moving to the client side, which brings new security challenges. Since the client-side code is exposed, the attacker is able to gain more knowledge about the application, thus more likely to compromise the server-side application state. Web applications is becoming more and more complex, which further exacerbates the absence of formal verification and robust protection mechanisms for application logic.

For example, when multiple web applications are integrated through APIs, their interactions may expose logic vulnerabilities. Third, an increasing number of web applications are embedding third-party programs or extensions, e.g., iGoogle gadgets, Facebook games etc. To automatically verify the security of third-party applications and securely integrate them is nontrivial. Last but not least, new types of attacks are always emerging, e.g., HTTP parameter pollution attack, which requires security professionals to quickly react without putting a huge number of web applications at risk.

Web application security, explains common security terminology and presents a set of proven security principles upon which many of the recommendations throughout this guide are based. It presents an overview of the security process and explains why a holistic approach to security that covers multiple layers including the network, host and application, is required to achieve the goal of hack-resilient Web applications.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.