Securing Web Applications through a Framework of Source Code Analysis
- 1 BBA University, India
- 2 Prince Sultan University, Saudi Arabia
Abstract
Source code analysis is becoming extremely important for the universal acceptance of web applications because the automated source code analysis tools play a key role in identifying and fixing security-related vulnerabilities. This paper proposes a framework for securing web applications through source code analysis. The framework has three prescriptive phases including executing and monitoring, classifying and controlling and refining and managing. The framework helps to examine the web application source code related to security issues. The executing and monitoring phase employs five different open source tools for statically analyzing the source code. According to the literature, there are nine broad categories of vulnerabilities in web applications. After filtration of these vulnerabilities, classifying and controlling phase categorize the vulnerabilities according to their severity level with the help of fuzzy analytical analysis process and suggestive measures. The refining and managing phase takes these measures and suggests changes to the source code to make it more secure. This framework was validated through a web-based hospital management system. The results of the validation showed that the framework implementation made the source code more robust towards the upcoming vulnerabilities and bugs.
DOI: https://doi.org/10.3844/jcssp.2019.1780.1794
Copyright: © 2019 Alka Agrawal, Mamdouh Alenezi, Rajeev Kumar and Raees Ahmad Khan. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 4,364 Views
- 2,233 Downloads
- 2 Citations
Download
Keywords
- Web Application
- Web Security
- Security Vulnerability
- Source Code
- Static Analysis