[{“box”:0,”content”:”[if 992 equals=”Open Access”]

Open Access

[/if 992]n

Year : April 3, 2024 at 4:55 pm | [if 1553 equals=””] Volume :11 [else] Volume :11[/if 1553] | [if 424 equals=”Regular Issue”]Issue[/if 424][if 424 equals=”Special Issue”]Special Issue[/if 424] [if 424 equals=”Conference”][/if 424] : 01 | Page : –

[foreach 286]n

Riya Premarajan Vechiot, Yogita Vijay Biradar

[/foreach]

n[if 2099 not_equal=”Yes”]n

Research Scholar, Research Scholar, MCA, Thakur Institute of Management Studies, Career Development & Research (TIMSCDR), Mumbai, MCA, Thakur Institute of Management Studies, Career Development & Research (TIMSCDR), Mumbai, Maharashtra, Maharashtra, India, India

n[/if 1175][/foreach]

[/if 2099][if 2099 equals=”Yes”][/if 2099]nn

Abstract

nWith incidents of cyber-attacks on websites and breaches of sensitive data on the rise, adopting secure coding or development practices to build strong web applications is long overdue. These practices encompass a variety of strategies, including but not limited to, input validation to prevent SQL injection and XSS attacks, secure session management, encryption of sensitive data, and the implementation of robust authentication and authorization mechanisms. This approach not only fortifies applications against known web vulnerabilities but also ingrains a culture of security within the development process. Drawing from a wealth of knowledge shared by industry professionals, this research paper underscores the importance of incorporating these secure development practices from the outset. Furthermore, adopting a security-first mindset encourages the ongoing evaluation and updating of security measures to combat evolving cyber threats. This research paper compiles insights from various sources by industry experts. Applying these practices at the development stage would result in applications that are not susceptible to known web application vulnerabilities.

Keywords: web-security; web applications; best practices; Vulnerability Prevention, Security-First Development

n[if 424 equals=”Regular Issue”][This article belongs to Journal of Web Engineering & Technology(jowet)]

[/if 424][if 424 equals=”Special Issue”][This article belongs to Special Issue under section in Journal of Web Engineering & Technology(jowet)][/if 424][if 424 equals=”Conference”]This article belongs to Conference [/if 424]

How to cite this article: Riya Premarajan Vechiot, Yogita Vijay Biradar Web Security: Crafting Fortified Online Platforms jowet April 3, 2024; 11:-

How to cite this URL: Riya Premarajan Vechiot, Yogita Vijay Biradar Web Security: Crafting Fortified Online Platforms jowet April 3, 2024 {cited April 3, 2024};11:-. Available from: https://journals.stmjournals.com/jowet/article=April 3, 2024/view=0

n[if 992 equals=”Open Access”] Full Text PDF Download[else] nvar fieldValue = “[user_role]”;nif (fieldValue == ‘indexingbodies’) {n document.write(‘Full Text PDF‘);n }nelse if (fieldValue == ‘administrator’) { document.write(‘Full Text PDF‘); }nelse if (fieldValue == ‘jowet’) { document.write(‘Full Text PDF‘); }n else { document.write(‘ ‘); }n [/if 992] [if 379 not_equal=””]n

Browse Figures

[foreach 379]n

n[/foreach]n

n[/if 379]n

References

n[if 1104 equals=””]n

[1] Alabdulrazzaq, Haneen. Securing Web Applications: Web Application Flow Whitelisting to Improve Security. 2017.
[2] Baars, Nanne. “Web Application Security: 10 Things Developers Need to Know.” www.youtube.com, 22 May 2018, youtu.be/qjrkV4RjgIU?si=ZIPfOCqWmNOqIj pr. Accessed 7 Oct. 2023.
[3] BEER, ELIOT. “Infosys Leak: IT Firm Left AWS Key Exposed on PyPi since Feb 2021.” The Stack, 18 Nov. 2022,
[4] www.thestack.technology/infosys-leak-aws- key-exposed-on-pypi/. Accessed 28 Oct. 2023.
[5] “First 5 Tips for Building Secure (Web) Apps.” Telerik Blogs, 6 Nov. 2019, www.telerik. com/blogs/first-5-tips-for-building-secure-web-apps. Accessed 30 Oct. 2023.
[6] “Secrets Management – OWASP Cheat Sheet Series.” Cheatsheetseries.owasp.org, cheatsheet series.owasp.org/cheatsheets/Secrets_Manage ment_Cheat_Sheet.html. Accessed 22 Oct. 2023.
[7] “What Is a Web Application Firewall (WAF)?” www.f5.com/glossary/web-application- firewall-waf. Accessed 27 Oct. 2023.
[8] haider A. Top 21 .NET Security Best Practices For Web Applications – Clickysoft. Clickysoft. 2023. Available from: https://clickysoft.com/dot-net-security-best-practices/ ‌
[9] zac1987. Can I fully prevent SQL injection by PDO Prepared statement without bind_param? . Stack Overflow. 2024. Available from: https://stackoverflow.com/questions/7915952/can-i-fully-prevent-sql-injection-by-pdo-prepared-statement-without-bind-param ‌
[10] gayatri r. Stored Cross-Site Scripting(Non-Privileged User to Anyone) . Medium. Medium; 2020 . Available from: https://gaya3-r.medium.com/stored-cross-site-scripting-non-privileged-user-to-anyone-1754e0a053d6 ‌

nn[/if 1104][if 1104 not_equal=””]n

[if 1106 equals=””], [/if 1106][if 1106 not_equal=””],[/if 1106]

n[/foreach]

n[/if 1104]

nn[if 1114 equals=”Yes”]n

DOI: https://doi.org/10.37591/JOWET.v11i01.0

n[/if 1114]

[if 424 not_equal=””]Regular Issue[else]Published[/if 424] Subscription Review Article

Journal of Web Engineering & Technology

[if 344 not_equal=””]ISSN: 2455-1880[/if 344]

n[if 2146 equals=”Yes”]

[/if 2146][if 2146 not_equal=”Yes”]

[/if 2146]n

Volume	11
[if 424 equals=”Regular Issue”]Issue[/if 424][if 424 equals=”Special Issue”]Special Issue[/if 424] [if 424 equals=”Conference”][/if 424]	01
Received	February 29, 2024
Accepted	March 30, 2024
Published		April 3, 2024

nn function myFunction2() {n var x = document.getElementById(“browsefigure”);n if (x.style.display === “block”) {n x.style.display = “none”;n }n else { x.style.display = “Block”; }n }n document.querySelector(“.prevBtn”).addEventListener(“click”, () => {n changeSlides(-1);n });n document.querySelector(“.nextBtn”).addEventListener(“click”, () => {n changeSlides(1);n });n var slideIndex = 1;n showSlides(slideIndex);n function changeSlides(n) {n showSlides((slideIndex += n));n }n function currentSlide(n) {n showSlides((slideIndex = n));n }n function showSlides(n) {n var i;n var slides = document.getElementsByClassName(“Slide”);n var dots = document.getElementsByClassName(“Navdot”);n if (n > slides.length) { slideIndex = 1; }n if (n (item.style.display = “none”));n Array.from(dots).forEach(n item => (item.className = item.className.replace(” selected”, “”))n );n slides[slideIndex – 1].style.display = “block”;n dots[slideIndex – 1].className += ” selected”;n }n”}]

Not A Member?

Join Us

Submit Manuscript

Submit Topics

Initiatives

Guidelines For

Further Information

Corporate Office

STM Journals,
An imprint of Consortium E-learning network Pvt. Ltd.
A-118, 1st Floor, Sector-63, Noida, U.P. India,
Pin-201301
(Tel) (+91) 0120- 4781 200
(Mob) (+91) 9810078958, +919667725932
E-mail: [email protected]

WEBSITE DISCLAIMER

Last updated: 2022-06-15

The information provided by STM Journals (“Company”, “we”, “our”, “us”) on https://journals.stmjournals.com/ (the “Site”) is for general informational purposes only. All information on the Site is provided in good faith, however, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site.

UNDER NO CIRCUMSTANCE SHALL WE HAVE ANY LIABILITY TO YOU FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF THE SITE OR RELIANCE ON ANY INFORMATION PROVIDED ON THE SITE. YOUR USE OF THE SITE AND YOUR RELIANCE ON ANY INFORMATION ON THE SITE IS SOLELY AT YOUR OWN RISK.

EXTERNAL LINKS DISCLAIMER

The Site may contain (or you may be sent through the Site) links to other websites or content belonging to or originating from third parties or links to websites and features. Such external links are not investigated, monitored, or checked for accuracy, adequacy, validity, reliability, availability, or completeness by us.

WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR THE ACCURACY OR RELIABILITY OF ANY INFORMATION OFFERED BY THIRD-PARTY WEBSITES LINKED THROUGH THE SITE OR ANY WEBSITE OR FEATURE LINKED IN ANY BANNER OR OTHER ADVERTISING. WE WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES.

PROFESSIONAL DISCLAIMER

The Site can not and does not contain medical advice. The information is provided for general informational and educational purposes only and is not a substitute for professional medical advice. Accordingly, before taking any actions based on such information, we encourage you to consult with the appropriate professionals. We do not provide any kind of medical advice.

Content published on https://journals.stmjournals.com/ is intended to be used and must be used for informational purposes only. It is very important to do your analysis before making any decision based on your circumstances. You should take independent medical advice from a professional or independently research and verify any information that you find on our Website and wish to rely upon.

THE USE OR RELIANCE OF ANY INFORMATION CONTAINED ON THIS SITE IS SOLELY AT YOUR OWN RISK.

AFFILIATES DISCLAIMER

The Site may contain links to affiliate websites, and we may receive an affiliate commission for any purchases or actions made by you on the affiliate websites using such links.

TESTIMONIALS DISCLAIMER

The Site may contain testimonials by users of our products and/or services. These testimonials reflect the real-life experiences and opinions of such users. However, the experiences are personal to those particular users, and may not necessarily be representative of all users of our products and/or services. We do not claim, and you should not assume that all users will have the same experiences.

YOUR RESULTS MAY VARY.

The testimonials on the Site are submitted in various forms such as text, audio, and/or video, and are reviewed by us before being posted. They appear on the Site verbatim as given by the users, except for the correction of grammar or typing errors. Some testimonials may have been shortened for the sake of brevity, where the full testimonial contained extraneous information not relevant to the general public.

The views and opinions contained in the testimonials belong solely to the individual user and do not reflect our views and opinions.

ERRORS AND OMISSIONS DISCLAIMER

While we have made every attempt to ensure that the information contained in this site has been obtained from reliable sources, STM Journals is not responsible for any errors or omissions or the results obtained from the use of this information. All information on this site is provided “as is”, with no guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

In no event will STM Journals, its related partnerships or corporations, or the partners, agents, or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this Site or for any consequential, special or similar damages, even if advised of the possibility of such damages.

GUEST CONTRIBUTORS DISCLAIMER

This Site may include content from guest contributors and any views or opinions expressed in such posts are personal and do not represent those of STM Journals or any of its staff or affiliates unless explicitly stated.

LOGOS AND TRADEMARKS DISCLAIMER

All logos and trademarks of third parties referenced on https://journals.stmjournals.com/ are the trademarks and logos of their respective owners. Any inclusion of such trademarks or logos does not imply or constitute any approval, endorsement, or sponsorship of STM Journals by such owners.

CONTACT US

Should you have any feedback, comments, requests for technical support, or other inquiries, please contact us by email: [email protected].