
Secure ASP.NET Web Application by Discovering Broken Authentication and Session Management Vulnerabilities


Affiliations
1 Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India
 

Today, web application security is the most significant battlefield between the victim, the attacker and the resources of the web service. The owner of a web application developed in ASP.NET cannot see the security vulnerabilities in it. This paper explains an algorithm that aims to identify broken authentication and session management vulnerabilities. The proposed method scans the web application's files. The scanner generator created here relies on studying the source code of the application, limited to the ASP.NET files and the code-behind files. The program developed for this purpose produces a report that describes the vulnerability types, giving the name, a description and the location of each. The aim of the paper is to discover broken authentication and session management vulnerabilities. The proposed algorithm will help organizations and developers repair the vulnerabilities and improve end-to-end security.

Keywords

Session Management, Session Hijack, Broken Authentication, Web Security, ASP.NET.



Authors

Rupal R. Sharma
Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India
Ravi K. Sheth
Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India


DOI: https://doi.org/10.13005/ojcst%2F10.02.15