
SYNOPSIS

ON
Web Application Security

Submitted
To
Lovely Professional University, Phagwara
(For the partial fulfillment of the degree of MCA-V SEM)

SUPERVISED BY
JYOTI MAM
(Assistant Professor)

Fiber Channel Architecture

SUBMITTED BY:
Name : Gaurav Srivastava
Roll No. : RD1206B29
Reg. No. : 11204430

Introduction
Users who access web applications must be allowed through network
perimeter security. However, a user may be an attacker in disguise and is now
one step closer to data assets. The increased reliance on web applications, the
blurring of the desktop and web environment, the rate of adoption of new web
application technology, and the growing complexity of web applications
create an environment ripe for vulnerabilities. All of these factors further
emphasize the need for attention to web application security. Web application
security starts with secure network, web server, and operating system
configuration. NSA has published a number of guides that are available at the
sites referenced at the end of this document. However, many problems
associated with web applications arise from the design of the application itself,
and not from any specific configuration issue. Many resources are available for the
manager, the developer, and the system administrator to guide, write, and
deploy secure web applications. One well-respected industry source is the
Open Web Application Security Project (OWASP), an open community
dedicated to application security.
Anatomy of Web Requests and URLs
HTTP and HTTPS
http://example.com/path/to/application.cgi?param1=value1&param2=value2
At the beginning of a URL there is the designated communication protocol (in
this case http). The protocol designates how the web browser and the web
server communicate with each other. HTTP is a stateless protocol. This
means when a user wants something, a connection to the web server is
established, a request is sent, and a response is received. Afterwards the
connection is severed. HTTPS is another common protocol specification, which
is HTTP wrapped with Secure Sockets Layer (SSL) encryption. SSL
connections, indicated by a tiny lock symbol in the web browser window,
ensure that information sent to and from a website is encrypted. Anyone
monitoring the network traffic will not be able to read the data. This is great for
protecting credit card numbers, social security numbers, and other forms of
sensitive data traveling across the network.
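
The URL anatomy above, as an added example that is not part of the original synopsis: it splits the sample URL into its parts, renders the request a client would send for it, and reports which query parameters a passive network monitor can read under each scheme. The function names are hypothetical, and the `Connection: close` header is an assumption chosen to mirror the one-request-per-connection behaviour described in the text.

```python
from urllib.parse import urlsplit, parse_qsl

DEFAULT_PORTS = {"http": 80, "https": 443}

def dissect(url):
    """Split an http(s) URL into the parts a browser uses to make the request."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return {
        "scheme": parts.scheme,                              # protocol
        "host": parts.hostname,                              # server to contact
        "port": parts.port or DEFAULT_PORTS[parts.scheme],   # implied by the scheme
        "path": parts.path or "/",                           # resource on the server
        "query": parts.query,                                # raw text after '?'
        "params": parse_qsl(parts.query, keep_blank_values=True),
    }

def request_text(url):
    """Render the HTTP/1.1 request a client would send for this URL."""
    d = dissect(url)
    target = d["path"] + ("?" + d["query"] if d["query"] else "")
    host = d["host"]
    if d["port"] != DEFAULT_PORTS[d["scheme"]]:
        host += f":{d['port']}"
    # Stateless exchange: one request, one response, then the connection closes.
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"

def visible_to_monitor(url):
    """Query parameters a passive network monitor can read in transit."""
    d = dissect(url)
    # Over https the request line and headers travel inside the encrypted
    # channel; only the destination address remains observable.
    return d["params"] if d["scheme"] == "http" else []

if __name__ == "__main__":
    sample = "http://example.com/path/to/application.cgi?param1=value1&param2=value2"
    for u in (sample, sample.replace("http://", "https://", 1)):
        print(u, "->", visible_to_monitor(u))
    print(request_text(sample))
```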

Goal
1. Identify all known web application security classes of attack.
2. Agree on naming for each class of attack.
3. Develop a structured manner to organize the classes of attack.
4. Develop documentation that provides generic descriptions of each class
of attack.

Vulnerability Assessment and Management


There are three key points to consider when assessing web applications:
1. Web applications are inherently unique.
2. Assessing your production website is essential.
3. Communication between the development and security teams is critical.
