Abstract:
Web applications are one of the most prevalent platforms for delivering information and services over the Internet today. As they are increasingly used for critical services, web applications have become a popular and valuable target for security attacks. Although a large body of techniques has been developed to fortify web applications and mitigate attacks against them, little effort has been devoted to drawing connections among these techniques and building a big picture of web application security research. The main objective of this paper is to point out the possible vulnerabilities in a content-serving web application, propose suitable security techniques to protect the site from attack, and provide significant help to the developers of web applications. This research paper organizes the existing research on securing web applications into three categories based on design philosophy: security by construction, security by verification, and security by protection. Finally, this research paper summarizes the lessons learnt and discusses future research opportunities in this area.