Analyzing and Defending Web Application Vulnerabilities through Proposed Security Model in Cloud Computing
Keywords:
Vulnerabilities; Security; Open Web Application Security Project (OWASP); Hypertext Transfer Protocol (HTTP); Threats; Cloud; Virtual Machine (VM).
Abstract
Securing web applications against attackers is one of the challenging tasks in cloud computing infrastructure.
Insecure source code is one of the top reasons for cyber-attacks, through which valuable data such as usernames,
passwords, credit card information or even personal information related to the Aadhaar-enabled biometric system can
be compromised. Most of the vulnerabilities in web application source code are related to the Open Web Application
Security Project (OWASP); these vulnerabilities are SQL, NoSQL and LDAP injection, broken authentication,
sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site
scripting (XSS), insecure deserialization, insufficient monitoring and logging, etc. Vulnerable web
applications are a hot spot for hackers. According to Symantec’s Internet Security Threat Report published in
July 2017, more than 2 lakh attacks against websites occur each day and more than 76% of websites hosted in
the cloud contain unpatched vulnerabilities. This paper proposes a new, innovative conceptual security tool named
SECUREWEB. The tool will detect vulnerabilities in web application source code, automatically patch the
detected vulnerabilities and return secure source code free from any identified vulnerabilities. The tool works
on the concept of the proxy-based source code analyzer SECUREEYE model for detecting OWASP Top 10
vulnerabilities and the SECURESOLUTION model for auto-patching of detected vulnerabilities.