P-ISSN 0974-6846 E-ISSN 0974-5645

Indian Journal of Science and Technology

Year: 2016, Volume: 9, Issue: 4, Pages: 1-7

Original Article

Policy Approval Engine - A Framework for Securing Web Applications and Web User

Abstract

Background/Objectives: Web applications face a variety of new threats related to injections. Securing web applications has become paramount, and it is an intricate process with current technologies. The objective of this paper is to protect web applications from injection attacks. Methods/Statistical Analysis: Web publishers frequently integrate third-party advertisements into web pages that also contain sensitive end-user personal data. This may expose sensitive page content to confidentiality and integrity attacks launched by advertisements. Thus, the web browser needs a simple security policy and enforcement mechanism that can alleviate basic attacks in order to guard the applications and users that reside on the web. Findings: A policy enforcement framework is proposed for addressing security threats and protecting against cross-site request forgery, cross-site scripting, and content stealing. To do so, the framework observes all outgoing web requests within the browser and performs authorization and approval checks before the contents are embedded into a page. Additionally, the advertisements' access to user data is restricted. Thus, the paper delivers a better understanding of web application security policy enforcement that protects user data from interactive ads. The proposed framework is compared with existing methods such as SOMA and RequestPolicy, and the results show that the proposed method provides better security against attacks. The proposed framework decreases the false positive rate and the false negative rate when compared to the existing frameworks. The accuracy of the proposed method is above 90%. Applications/Improvements: The proposed framework can be used to protect the web against cross-site request forgery, cross-site scripting, and content stealing. Future work focuses on providing security against web site defacement and other attacks.

Keywords: Injections, Policy Enforcement Framework, Security Policy, Security Threats, Web Applications
