Result: A Secure Framework for Communication and Data Processing in Web Applications †.

Title:
A Secure Framework for Communication and Data Processing in Web Applications †.
Source:
Engineering Proceedings; 2023, Vol. 59 Issue 1, p1, 10p
Database:
Complementary Index

More Information

Web applications are widely used, and the applications deployed on the web do not always satisfy all the security policies. This may arise due to less secure configurations, less knowledge in security configurations, or due to insecure coding practices. Even though a lot of practices are available, a lot of security loopholes are still available for hackers to steal information. A secure web application framework is discussed here which incorporates solutions to major security loopholes that attackers may use for stealing information or compromising systems. The security framework proposed here ensures an encrypted data transfer, making the data safe, and server-side vulnerability detection and avoidance for major attacks like SQL injection (SQLi) and Cross-Site Scripting (XSS). The client side of the framework is responsible for validations, encryption, and session management through a JavaScript module. The server side of the framework is responsible for decryption and validation, data management, and URL management. The framework deployed with PHP showed a good outcome when tested with the Arachni web application security scanner. The framework will be further studied for performance with huge workloads. Further, the work will be extended to cover other attacks. [ABSTRACT FROM AUTHOR]

Copyright of Engineering Proceedings is the property of MDPI and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)