TABLE OF CONTENTS
1. INTRODUCTION
2. MOTIVATION
3. PROBLEM STATEMENT
4. OBJECTIVES
5. PROJECT DESCRIPTION
6. PROJECT STATUS
7. CONCLUSION AND FUTURE PLANS
8. REFERENCES
Introduction
Web application security is a branch of information security that deals specifically with the
security of websites, web applications and web services. At a high level, web application
security draws on the principles of application security but applies them specifically
to Internet and Web systems.
Web Security consists of two major areas:
Web Application Security.
Web Browser Security.
Web security is commonly compromised through methods such as injection, cross-site scripting
(XSS) and phishing, of which XSS is the most common web security challenge. Figure 1 shows the
share of attacks by type.
Motivation
Most web sites have vulnerabilities, and attackers can access confidential data by breaking into
web applications. Many users are not security minded, so attackers may target them by luring
them to malicious web sites. Several components can be targeted and the attack surface is large;
since many layers can be attacked and exploited, it becomes very important to secure the
communication medium in order to ensure secure and reliable communication.
Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for
developing web applications. This project provides an environment to learn how top security
risks apply to web applications developed using Node.js and how to effectively address them.
Problem Statement
How some serious vulnerabilities and security flaws can manifest in Node.js web applications,
and how to prevent them.
Objectives
All information security measures try to address at least one of three goals: confidentiality,
integrity and availability. These goals form the confidentiality, integrity, availability (CIA)
triad, the basis of all security programs (Figure 2). Information security professionals who
create policies and procedures (often referred to as governance models) must consider each goal
when creating a plan to protect a computer system.
Project Description
The project NodeWeb Security is being written in Node.js and aims to provide secure
communication. It also provides measures through which security risks can be minimized.
Node.js is an open-source, cross-platform JavaScript runtime environment for developing a
diverse variety of tools and applications. Although Node.js is not a JavaScript framework, many
of its basic modules are written in JavaScript, and developers can write new modules in
JavaScript. The runtime environment interprets JavaScript using Google's V8 JavaScript engine.
Node.js has an event-driven architecture capable of asynchronous I/O. These design choices aim
to optimize throughput and scalability in web applications with many input/output operations, as
well as in real-time web applications.
Project Status
The Node.js and MongoDB environment has been set up. Login/signup authentication has been
implemented. Various potential security risks have been studied thoroughly.
The following functionalities are yet to be implemented:
Web Application UI
Injection attack
Broken Authentication
Session Management
XSS
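The status list above names Injection and XSS as the next risk areas to cover, and the Introduction notes that XSS is the most common web security challenge. The following is an added example written for this report, not code from the NodeWeb Security project itself: two small defensive helpers for a Node.js/MongoDB login and signup flow. The function names (assertCredentialString, buildLoginFilter, escapeHtml, renderGreeting) are assumptions, and the sample inputs at the bottom are constructed. It runs under plain Node.js with no packages installed.

```javascript
// Added example (not the project's code): defensive helpers for a Node.js +
// MongoDB login/signup flow, covering two risk areas named in the report.
"use strict";

// --- Injection: never pass raw request fields straight into a MongoDB filter.
// A handler that builds { username: req.body.username } from a parsed JSON
// body will accept an object (for example { "$ne": null }) in place of a
// string, which MongoDB then interprets as a query operator rather than a
// literal value. Insisting on a bounded, non-empty string keeps the filter a
// plain equality comparison. (Hypothetical helper.)
function assertCredentialString(name, value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 256) {
    throw new TypeError(`${name} must be a non-empty string`);
  }
  return value;
}

// Returns the filter a login handler would hand to collection.findOne(), plus
// the validated password for a separate hash comparison. Only the username
// belongs in the filter; the password is checked against the stored hash
// after the user record has been fetched. (Hypothetical helper.)
function buildLoginFilter(body) {
  const username = assertCredentialString("username", body.username);
  const password = assertCredentialString("password", body.password);
  return { filter: { username }, password };
}

// --- XSS: encode untrusted text before placing it in an HTML body.
// Every character that can start a tag, attribute or entity is replaced by
// its HTML entity, so a display name chosen at signup is shown as text and
// never parsed as markup.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Renders the greeting shown after signup with the user-supplied name encoded.
// (Hypothetical helper; the template is constructed for this example.)
function renderGreeting(displayName) {
  return `<p>Welcome, ${escapeHtml(displayName)}!</p>`;
}

// Constructed sample inputs: a well-formed login body, one where the client
// substituted an object for the username string, and a display name that
// contains markup.
console.log(buildLoginFilter({ username: "alice", password: "hunter2" }).filter);
try {
  buildLoginFilter({ username: { $ne: null }, password: "x" });
} catch (err) {
  console.log("rejected:", err.message);
}
console.log(renderGreeting("<script>alert(1)</script>"));
```

The two helpers apply at different layers: the type check runs before any database call, so the rejected body never reaches MongoDB, while the encoder runs at the last moment before HTML is emitted, so it protects every template that uses it regardless of where the value came from.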
References
[1] IEEE Internet Computing, vol. 14, no. 6, Nov.-Dec. 2010.
[2] ERPScan, "Securing SAP from XSS Vulnerability", vulnerability % chart (source of Figure 1),
June 13, 2015, p. 3.