Defence Science Journal
Reducing Attack Surface of a Web Application by Open Web Application Security Project Compliance
Mukesh Verma1  Pallavi Mahajan3  Sumit Goswami1  Saurabh Swarnkar2  Nabanita R Krishnan1
[1] Directorate of Management Information System & Technologies, DRDO, New Delhi; IAP Company Pvt Ltd, Gurgaon; Beant College of Engineering and Technology, Punjab
Keywords: Attack surface; DRDO Intranet; project management; open web application security project; security audit; security compliance
DOI:
Subject classification: Social sciences, humanities and arts (general)
Source: Defence Scientific Information & Documentation Centre
[Abstract]
The attack surface of a system is the amount of application area that is exposed to the adversaries. The overall vulnerability can be reduced by reducing the attack surface of a web application. In this paper, we have considered the web components of two versions of an in-house developed project management web application and the attack surface has been calculated prior and post open web application security project (OWASP) compliance based on a security audit to determine and then compare the security of this Project Management Application. OWASP is an open community to provide free tools and guidelines for application security. It was observed that the attack surface of the software reduced by 45 per cent once it was made OWASP compliant. The vulnerable surface exposed by the code even after OWASP compliance was due to the mandatory access points left in the software to ensure accessibility over a network. Defence Science Journal, 2012, 62(5), pp. 324-330, DOI: http://dx.doi.org/10.14429/dsj.62.1291
[License]
Unknown