Design and Implementation of Secure 3-Tier Web Application with Open Source Software

  • 김창수 (School of Business Administration, Yeungnam University) ;
  • 유혜인 (Department of Business Administration, Graduate School, Yeungnam University) ;
  • 이용주 (School of Computer Information, Kyungpook National University)
  • Received : 2009.01.23
  • Accepted : 2010.02.25
  • Published : 2010.03.30

Abstract

Providing a secure 3-tier Web application has become a high priority for companies, as e-business has increased both the amount and the sensitivity of corporate information that can be accessed through the web. Web applications become more difficult to secure with this very increase in online traffic and transactions. This paper first reviews the 3-tier architecture of web applications, the types of attacks that can threaten web application services, and security principles. We then design and implement a secure web application with open source software that is able to mitigate the web application's vulnerability to attack.

Keywords

Acknowledgement

Supported by : Kyungpook National University
