TY - JOUR
T1 - Secure Web Application Development Prototype Using Enterprise Security Application Programming Interface (ESAPI)
AU - Rasheed, Abdul Barakath Mohamed
AU - Shanmugam, Bharanidharan
AU - Samy, Ganthan Narayana
AU - Maarop, Nurazean
AU - Magalingam, Pritheega
AU - Yeo, Kheng
AU - Azam, Sami
PY - 2017
Y1 - 2017
N2 - The web application has been playing a key role in the development of modern society. Unlike traditional applications, modern web applications are generally more exposed to untrusted users, data and transmission medium. According to a cenzic 2014 report 96% of all applications tested in 2013 have one or more serious security vulnerability. The root causes behind these vulnerabilities are lack of application security awareness, design flaws and secure coding. Furthermore, developers frequently see functionality as more important than security. Therefore, this study proposed a simple implementation of the single security Application Programming Interface (API) that could minimize web application security flaws and prevent from critical malicious attacks. A prototype application is developed with open web Application Security Project (OWASP) enterprise security application API based on Rapid Application Development (RAD) methodology. Thus, this study been carried out with an aim to fill the gap between web application development and application security domain.
AB - The web application has been playing a key role in the development of modern society. Unlike traditional applications, modern web applications are generally more exposed to untrusted users, data and transmission medium. According to a cenzic 2014 report 96% of all applications tested in 2013 have one or more serious security vulnerability. The root causes behind these vulnerabilities are lack of application security awareness, design flaws and secure coding. Furthermore, developers frequently see functionality as more important than security. Therefore, this study proposed a simple implementation of the single security Application Programming Interface (API) that could minimize web application security flaws and prevent from critical malicious attacks. A prototype application is developed with open web Application Security Project (OWASP) enterprise security application API based on Rapid Application Development (RAD) methodology. Thus, this study been carried out with an aim to fill the gap between web application development and application security domain.
U2 - 10.36478/ajit.2017.7.13
DO - 10.36478/ajit.2017.7.13
M3 - Article
SN - 1682-3915
VL - 16
SP - 7
EP - 13
JO - Asian Journal of Information Technology
JF - Asian Journal of Information Technology
IS - 1
ER -