Using Security Patterns in Web-Application

Inhaltsverzeichnis (Table of Contents)

• Chapter 1: Introduction
• 1.1 Problems
• 1.2 Aim and Objectives
• 1.3 Structure
• Chapter 2: Background on Web Application & Web Application Security
• 2.1 Background of Web- Application
• 2.2 Background on Web Application Security
• Chapter 3: Attacks and Countermeasures of Web - Application
• 3.1 Eavesdropping
• 3.1.1 What is Eavesdropping?
• 3.1.2 How Eavesdropping happen?
• 3.1.3 Countermeasures for Eavesdropping
• 3.2 Exploiting Poor Authentication
• 3.2.1 What is Poor Authentication?
• 3.2.2 How the poor authentication can be exploited?
• 3.2.3 Countermeasures of poor authentication
• 3.3 Log Tampering
• 3.3.1 Overview of Log
• 3.3.2 What is log tampering?
• 3.3.3 Countermeasures for Log Tampering
• 3.4 SQL Injection
• 3.4.1 Overview of SQL injection
• 3.4.2 Countermeasures for SQL Injection
• 3.5 Cross-Site Scripting
• 3.5.1 What is Cross-Site Scripting?
• 3.5.2 Countermeasure of Cross-Site Scripting
• 3.6 HTTP Response Splitting
• 3.6.1 What is HTTP Response Splitting?
• 3.6.2 Countermeasure for HTTP Response Splitting
• 3.7 Reason of Attack on Web Application
• Chapter 4: Introduction to Patterns
• 4.1 An introduction to pattern language
• 4.2 What is Design Pattern?
• 4.3 History of Design Pattern
• 4.4 Design Pattern Template
• Chapter 5: An Introduction to Security Patterns
• 5.1 What is Security Pattern?
• 5.2 History of Security Pattern
• 5.3 Why Security Pattern?
• 5.4 Types of Security Pattern
• 5.5 Use and Misuse Case in Security Pattern
• 5.6 Security Pattern Template
• Chapter 6: Overview and Implementation of Security Patterns
• 6.1 Overview of Security Pattern used to address attack
• 6.1.1 Secure Pipe Pattern
• 6.1.2 Secure Proxy Pattern
• 6.1.3 Secure Logger Pattern
• 6.1.4 Intercepting Validator Pattern
• 6.2 Implementation of Security Pattern in Context to Attack
• 6.2.1 Mitigating Eavesdropping with Secure Pipe and its Related Pattern
• 6.2.2 Mitigating poor authentication exploit with Secure Proxy & its Related Pattern
• 6.2.3 Mitigating Log Tampering with Secure Logger & its Related Pattern
• 6.2.4 Mitigating SQL Injection, Cross-Site Scripting and HTTP Response Splitting with Intercepting Validator and its Related Pattern
• Chapter 7: Analysis of Security Patterns
• 7.1 Analysis between main security pattern and related pattern
• 7.1.1 Secure Pipe Pattern versus Message Intercepting Gateway

Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)

This dissertation aims to explore how security is incorporated by using security patterns in web-applications. The work investigates the effectiveness of this approach in addressing various security challenges faced by web-applications.

• Security Patterns in Web Applications
• Common Web Application Attacks
• Countermeasures for Web Application Vulnerabilities
• Design Patterns and Their Role in Security
• Implementation and Analysis of Security Patterns

Zusammenfassung der Kapitel (Chapter Summaries)

Chapter 1 introduces the problems associated with web application security and outlines the aim and objectives of the dissertation. Chapter 2 provides background information on web applications and web application security. Chapter 3 explores various attacks on web applications, including eavesdropping, poor authentication, log tampering, SQL injection, cross-site scripting, and HTTP response splitting. The chapter also discusses countermeasures for each of these attacks.

Chapter 4 provides an introduction to patterns, specifically design patterns, and explores their history and use in software development. Chapter 5 introduces security patterns and discusses their purpose, history, and types. This chapter also explores use cases and misuse cases for security patterns.

Chapter 6 offers an overview and implementation of security patterns, focusing on how they can address the attacks discussed in Chapter 3. This chapter provides examples of specific security patterns and their applications, such as the Secure Pipe pattern, Secure Proxy pattern, Secure Logger pattern, and Intercepting Validator pattern. The chapter also explores the implementation of security patterns in the context of different attack scenarios.

Chapter 7 analyzes the effectiveness of various security patterns, comparing the strengths and weaknesses of different approaches. This chapter focuses on a specific example of the Secure Pipe pattern versus the Message Intercepting Gateway pattern. The chapter aims to provide insights into the best practices for choosing and implementing security patterns in web applications.

Schlüsselwörter (Keywords)

This work explores the use of security patterns in web applications, focusing on the design and implementation of solutions to address common security threats. The key themes include web application security, security patterns, design patterns, countermeasures against attacks such as SQL injection, cross-site scripting, and eavesdropping, as well as the analysis and implementation of security pattern solutions.