Security Enhancements for Web-Based Applications

  • Shivanand B. Hiremath
  • Sameer S. Saigaonkar
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 28)


Web applications use inputs from Hypertext Transfer Protocol (HTTP) requests sent by users to determine the response. Attackers can tamper with any part of the HTTP request, including the Uniform Resource Locator (URL), query string, headers, cookies, form fields and hidden fields, and attempt to bypass the application’s security mechanisms. Common input-tampering attacks include forced browsing, command insertions, cross-site scripting, buffer overflows, format string attacks, Structured Query Language (SQL) injection, cookie poisoning and hidden field manipulation. In this paper, we have proposed an algorithm to detect manipulation of hidden fields, form fields and URL parameters, and the algorithm is implemented in Java Server Pages (JSP™). Security aspects are illustrated with fine remarks.


Keywords: Hash Table; Form Field; Secret Component; Input Type; Uniform Resource Locator
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Shivanand B. Hiremath (1)
  • Sameer S. Saigaonkar (2)
  1. National Institute of Industrial Engineering, Mumbai, India
  2. Diploma in Industrial Engineering, National Institute of Industrial Engineering, Mumbai, India
