Abstract
In the digital age, web applications have become a staple of our daily lives due to their convenience and efficiency. They are our main means of communication, of carrying out transactions, and of accessing information. Given these capabilities, we have become reliant on them for our day-to-day tasks. Although this is not inherently bad, it has become clear that web application security is of paramount importance for online use, particularly among businesses and organisations. Web application security is the practice of protecting websites, applications, and APIs from attacks. This form of security aims to ensure that web applications function smoothly and remain unhindered by cyber vandalism, data theft, and other malicious attacks. This report will explore the top three vulnerabilities highlighted by the most recent OWASP Top Ten vulnerabilities report, last updated in 2021. These vulnerabilities are broken access control, cryptography failures and injection attacks. Moreover, each section will highlight how the relevant security techniques defend web applications, how they can be exploited, and what measures developers can take to better defend web applications. The paper addresses the future of web application security in the context of emerging technologies such as artificial intelligence (AI) and machine learning. It speculates on how these technologies might be integrated into security strategies to enhance threat detection and response capabilities. The concept of DevSecOps is introduced as an evolutionary approach to integrate security into the development process of web applications, emphasizing the shift towards proactive security practices. In conclusion, the paper highlights the critical nature of web application security in the digital age. It provides a detailed examination of the most pressing vulnerabilities and offers guidance on implementing effective security measures.
The aim is to equip developers, security professionals, and organizations with the knowledge and tools necessary to build and maintain secure web applications, ultimately protecting them from the evolving landscape of cyber threats.
Original language | English |
---|---|
Title of host publication | 8th International Symposium on Computer Science and Intelligent Control (ISCSIC 2024) |
Number of pages | 8 |
Publication status | Accepted/In press - 27 Sept 2024 |
Event | 2024 8th International Symposium on Computer Science and Intelligent Control - Zhengzhou, China. Duration: 6 Sept 2024 → 8 Sept 2024. https://www.iscsic.org/ |
Conference
Conference | 2024 8th International Symposium on Computer Science and Intelligent Control |
---|---|
Abbreviated title | ISCSIC 2024 |
Country/Territory | China |
City | Zhengzhou |
Period | 6/09/24 → 8/09/24 |
Internet address |
Data Access Statement
No data information on record

Keywords
- cybersecurity
- Web and internet services
- security
- Web application security
- OWASP
- Access Control