
Web Application Protection from Wide Range of Web Vulnerabilities

K. Venkatesh Sharma, K. Satish Kumar


Adoption of web applications for multipurpose services is increasing, and their correct functioning is mission critical for many businesses. At the same time, web applications tend to be error prone, and implementation vulnerabilities are readily and commonly exploited by attackers. Designing countermeasures that detect or prevent such vulnerabilities, or that protect against their exploitation, is an important research challenge for the fields of software engineering and security engineering. In this paper we introduce a single J2EE-based web application that handles several vulnerabilities at the application level, mainly injection flaws, cross-site scripting and browser caching, and that also protects session data dependencies by changing the session identifier at runtime, enforcing sequential access and applying session expiration. By handling all of these together in one application, a web application can be protected successfully from these common vulnerabilities.


Web Application, Vulnerabilities, Session Data, Security, Injection Flaw, Cross Site Scripting, Web Application Firewall (WAF).
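A servlet filter sketching three of the protections the abstract lists (cache-control headers against browser caching, changing the session identifier at runtime, and session expiration), added here as an illustration rather than code from the paper; the attribute names, the timeout value and the Servlet 3.1 API assumption are mine.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Hypothetical filter (an added illustration, not the paper's code) covering three of the
 * protections named in the abstract: browser caching, session identifier rotation at
 * runtime, and session expiration. Assumes a Servlet 3.1+ container.
 */
public class SessionHardeningFilter implements Filter {

    /** Idle timeout in seconds; an assumed value. */
    private static final int MAX_INACTIVE_SECONDS = 15 * 60;
    /** Attribute the application's login code sets after authentication (assumed name). */
    private static final String AUTH_ATTR = "authenticatedUser";
    /** Marker recorded once the id has been rotated for this authenticated session. */
    private static final String ROTATED_ATTR = "sessionIdRotated";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Browser caching: keep protected content out of shared caches and the back button.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        HttpSession session = request.getSession(false);
        if (session != null) {
            // Session expiration: enforce an idle timeout on every request.
            session.setMaxInactiveInterval(MAX_INACTIVE_SECONDS);

            // Session identifier rotation: once authenticated, replace the pre-login id so an
            // id obtained before login no longer names the privileged session.
            if (session.getAttribute(AUTH_ATTR) != null
                    && session.getAttribute(ROTATED_ATTR) == null) {
                request.changeSessionId();  // Servlet 3.1 API; session attributes are kept
                session.setAttribute(ROTATED_ATTR, Boolean.TRUE);
            }
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

Register the filter in web.xml or with @WebFilter on the protected URL patterns; the login code only needs to set the assumed attribute once the user is authenticated.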

This work is licensed under a Creative Commons Attribution 3.0 License.