Security in Design Phase of SDLC for Web Applications

This book describes three approaches for the security of web applications related to the current trends and threats imposed on web applications. The first method is multi-factor authentication by dynamic questions in web-based applications. This is a multi-level authentication strategy which is used to protect the accessibility of the server-side scripts by the unauthorized users. This method protects the web application as well as its users from a wide range of cross-site server scripts and attacks. Second method is session management on the server side. The server will prepare a script which will monitor the login user patterns. The server-side script is used to monitor the time. If the system detects any suspicious activity on the client side, the server-side script will get activated and prompt the users to go through another level of authentication check. The third method is a prevention mechanism for Cross-Site Request Forgery (CSRF) attack. If the user visits a virus website, at this time, because the virus website cannot obtain the value of the third-party cookie, cannot hash this random number, it will be verified by the server and filtered out.