Research Article Open Access

Securing Web Applications through a Framework of Source Code Analysis

Alka Agrawal¹, Mamdouh Alenezi², Rajeev Kumar¹ and Raees Ahmad Khan¹
  • 1 BBA University, India
  • 2 Prince Sultan University, Saudi Arabia
Journal of Computer Science
Volume 15 No. 12, 2019, 1780-1794

DOI: https://doi.org/10.3844/jcssp.2019.1780.1794

Submitted On: 18 September 2019 Published On: 25 December 2019

How to Cite: Agrawal, A., Alenezi, M., Kumar, R. & Khan, R. A. (2019). Securing Web Applications through a Framework of Source Code Analysis. Journal of Computer Science, 15(12), 1780-1794. https://doi.org/10.3844/jcssp.2019.1780.1794

Abstract

Source code analysis is becoming extremely important for the universal acceptance of web applications because automated source code analysis tools play a key role in identifying and fixing security-related vulnerabilities. This paper proposes a framework for securing web applications through source code analysis. The framework has three prescriptive phases: executing and monitoring; classifying and controlling; and refining and managing. The framework helps to examine web application source code for security issues. The executing and monitoring phase employs five different open source tools to statically analyze the source code. According to the literature, there are nine broad categories of vulnerabilities in web applications. After filtration of these vulnerabilities, the classifying and controlling phase categorizes the vulnerabilities according to their severity level with the help of a fuzzy analytical analysis process and suggestive measures. The refining and managing phase takes these measures and suggests changes to the source code to make it more secure. This framework was validated through a web-based hospital management system. The results of the validation showed that implementing the framework made the source code more robust against upcoming vulnerabilities and bugs.

Keywords

  • Web Application
  • Web Security
  • Security Vulnerability
  • Source Code
  • Static Analysis