Web Application Security

Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. Simply, Web Application Security is ―The securing of web applications‖. Web applications are one of the most prevalent platforms for information and services delivery over Internet today. As they are increasingly used for critical services, web applications become a popular and valuable target for security attacks. Although a large body of techniques have been developed to fortify web applications and mitigate the attacks toward web applications, there is little effort devoted to drawing connections among these techniques and building a big picture of web application security research.Web applications are important, common distributed systems whose current security relies primarily on server-side mechanisms. Web applications provide end users with client access to server functionality through a set of Web pages. These pages often contain script code to be executed dynamically within the client Web browser. Most Web applications aim to enforce simple, intuitive security policies, such as, for Web-based email, disallowing any scripts in untrusted email messages. Even so, Web applications are currently subject to a plethora of successful attacks, such as cross-site scripting, cookie theft, session riding, browser hijacking, and the recent self-propagating worms in Web-based email and social networking sites .This paper surveys the area of web application security, with the aim of systematizing the existing techniques into a big picture that promotes future research.