Security in Design Phase of SDLC for Web Applications - Subhranshu Mohanty - Bog

This book describes three approaches for the security of web applications related to the current trends and threats imposed on web applications. The first method is multi-factor authentication by dynamic questions in web-based applications. This is a multi-level authentication strategy which is used to protect the accessibility of the server-side scripts by the unauthorized users. This method protects the web application as well as its users from a wide range of cross-site server scripts and attacks. Second method is session management on the server side. The server will prepare a script which will monitor the login user patterns. The server-side script is used to monitor the time. If the system detects any suspicious activity on the client side, the server-side script will get activated and prompt the users to go through another level of authentication check. The third method is a prevention mechanism for Cross-Site Request Forgery (CSRF) attack. If the user visits a virus website, at this time, because the virus website cannot obtain the value of the third-party cookie, cannot hash this random number, it will be verified by the server and filtered out.