Web Security and Factors Contributing to Web Security - Essay Example

? WEB SECURITY. MEMORANDUM Dennis Mark Dr. Alfred Peter July 02, SUBJ: Web Security The paper discusses web security and factors contributing to web security in terms of user’s knowledge, technology, and necessary tools for security. Additionally, the paper touches on the web history, user’s responsibility, internet controls, and development of SWEET. Web security manages and secures web traffic by sorting threats of web malware, blocking URL’s containing inappropriate content, and prevents the loss of confidential data over protocols on the web. Attackers use the web to deliver viruses such as malware. A huge percentage of breaches involve crimes that target corporate information. Another challenge of brand impairment occurs when the contractors or employees make postings that are inappropriate to sites of social networking. Therefore, the on-site contractors and employees expose an organization to legal uncertainties by visiting sites containing inappropriate content. Consequently, the productivity of an organization will suffer if the contractors and the employees exceed the use of the web during working hours. Web security ensures that the confidential information and networks are available and secure. Also, it protects the networks coming from outside such as malware posted over the web. Web security enhances the web protection and reduces the legal exposure by blocking restricted sites. Subsequently, it scans email of the internet and other web traffic that are outbound to reduce the loss of confidential data. It also prevents and detects proliferation to protect the end users against application threats. Web security also chooses among hosted, appliance, and premises options for web filtering and web security. Table of Contents WEB SECURITY. 1 MEMORANDUM 1 ABSTRACT. 6 INTRODUCTION 6 BACKGROUND 7 OBJECTIVES 8 FACTORS THAT CONTRIBUTE TO WEB SECURITY 8 Human and Technological Factors 9 The knowledge of the user 9 The technology that is in use at that particular time 9 Tools for Security 9 The necessary tools available for security 9 SECURITY CAN BE ACHIEVED BY ADDRESSING 9 User and Technology Factors 10 Responsibility of the User 10 Relevance to Security 10 Sweet Development 11 Design 12 Visualization 12 HISTORY OF WEB SECURITY 12 History of Web Tools 13 Preventing SQL injection 13 Creating awareness to web security 14 Tools to detect web attacks 14 Web versus desktop applications 15 Intelligent information systems 16 INTERNET CONTROLS: 16 Intrusion Detection System: 17 Signature-based network intrusion detection system: 18 Analysis-based network intrusion detection system: 18 Firewalls: 19 Encryption program: 19 Honey popts: 19 CONCLUSION 20 REFERENCE 21 3.Singh, Brijendra and Agarwal, Pooja. “Algorithm for Web Server Security” IETE Journal of Research57.5 (Sep 2011): 413-422. 22 6.Hossain, Md Safaet and Hossain, Md Shazzad. “Web Test Integration and Performance Evaluation of E-Commerce Web Sites” International Journal of Computer Science and Information Security10.9 (Sep 2012): 65-69. 23 7.Serrhini, Mohammed. Moussa, Abdelazziz Ait. “Home Users Security and the Web Browser Inbuilt Settings, Framework to Setup IT Automatically” Journal of Computer Science9.2 (2013): 159-168. 23 9.Volkoviy, Andrei and Chekhov, Ilia. “Use of Mobile Applications in Security and Safety Systems” Information & Security28.1 (2012): 146-153. 24 APPENDIX A. GLOSSARY 25 IT Systems: These are secure systems developed and can automatically detect threats and ensure that they are removed without the involvement of the user. 26 APPENDIX B. RESEARCH METHODS. 28 ABSTRACT. This final report discusses the topic of web security and some of the risks that internet users all over the world experience. Over the years, web security has grown to become a very crucial part of our daily life. This is shown by the manner in which most of the world population conducts their business (Alanazi, Fahad, &Mohamed, 2011 87). These include, doing bank transactions, holding board meetings through video conferencing to a simple chat over the internet using simple interfaces such as Facebook and Twitter. The threats posed by malicious internet users has driven the technocrats into developing methods such secure web applications and procedures such as SWEET that ensure people have their data safe when they are transmitting them over the internet (Alanazi, Fahad, &Mohamed, 2011 43). The final report has elucidated some of these methods and procedures that have been developed all over the years as the world of information technology is open-ended and is open to so many changes as the years go by (Md Safaet & Md Shazzad, 2012 67). INTRODUCTION Web Security is also termed as the cyber security. It involves protection of information by detecting, preventing, and responding to threats. The web users can protect themselves by recognizing the threats and familiarize themselves with terminologies associated with the risk (Alanazi, Fahad, &Mohamed, 2011 43). Some of the terminology used in web security includes hacking, viruses, worms. Trojan horses, Ransomware, and key loggers. The data security aspects include privacy, integrity, and authenticity. Some of the web security issues include SPAM, Phishing, DDOS, Botnets, and malicious websites. All the named aspects are interrelated (Alanazi, Fahad, &Mohamed, 2011 89). If every user keeps the system secure, the named issues can never occur. Also, small signs can avoid the bigger problems in the context. This can be assured by use of antiviral, Anti-spyware, report SPAM, and cautious against phishing attacks and scams. The paper, therefore, discusses the factors and history of web security. It also outlines the internet control and SWEET development. BACKGROUND Web security is a branch of Information Security that deals with the security of websites, web applications, and web services (Alanazi, Fahad, &Mohamed, 2011 90). At higher levels, web security operates on the ethics of application security and applies them to the Internet and web systems. When web application security is mentioned, there is an inclination to at once think about hackers defacing web sites and bombarding web sites with rejection of service attacks. These types of problems represent some of the most important threats faced by today's web applications (Md Safaet & Md Shazzad, 2012 68). The answer to web security is broader than just technology. It is an unending process involving the users and practices. Security is a path, not a target. As one evaluates the infrastructure and applications, they discover prospective threats and realize that each threat presents its own levels of risk. Hence, security is all about risk management and putting in place valuable countermeasures. OBJECTIVES 1. Highlight the factors that contribute to web security. 2. Explains the issues of web security and how they can be addressed. 3. Outline the internet control system through firewalls, encryptions, and honey pots. 4. Identify how the resource protection of scheme will ensure authorized users access safe objects in the web 5. Highlights how verification or assurance of machine or human resource is claimed through authentication 6. Explains the assurance of computer, employee, and other users have on the ability to conduct requests 7. Discusses the concept of data integrity and system integrity and how data entry protects data from tampering or unauthorized changes. 8. Identify how nonrepudiation is supported by documents, public key cryptography, and digital certificates. FACTORS THAT CONTRIBUTE TO WEB SECURITY The web is the primary factors that attackers use to pay malware on the web. A huge percentage of breaches involve crimes that are organized that target the information of corporate (Achkoski, et al., 2011 74). The contractors and employees can cause brand impairment when they make postings that are inappropriate to sites of social network. Also, on-site contractors and employees can contribute to web security by exposing the organization to legal risks (Wills, Craig &Zeljkovic 2011 54). Legal risks arise when they visit websites containing inappropriate content. Consequently, contractors and employees can contribute to web security by exceeding the personal use of the internet during working hours. This in return makes productivity to suffer (Md Safaet & Md Shazzad, 2012 66). Other factors that contribute to web security this can be categorized as below: Human and Technological Factors There are various human factors that contribute to web security they include: The knowledge of the user A good user is more concerned with their security in the web and in most cases; do not put their data at risk. Users therefore should have the right knowledge to be able to securely use the web. The technology that is in use at that particular time Present technology provides applications and tools that enable the user to be protected at all times. Users are always reminded to update their technology each and every time to ensure that they are always secure. Tools for Security There are various tools that are relevant to ensuring that security is achieved on the web and here is a summary of some of them (Wills, et al., 2011 43). The necessary tools available for security Just like technology, various tools used by the user are also crucial to their security. Users should ensure that they have the right tools and should always update both their hardware and software. SECURITY CAN BE ACHIEVED BY ADDRESSING There are various things that can be done by the developer and the user so as to realize web security. User and Technology Factors There are various technological and user factors that affect web security. They greatly impact the manner in which the web can be influenced. Responsibility of the User Many users are now educated on various ways to ensure that they are secure within the network There are different web applications that are created by JavaScript to ensure security of the users. Many tools have been created to ensure that third parties are completely denied access to information. Governments and other organizations are spending lot to ensure that their data is protected they do this by using the latest technology and tools available in the market (Brijendra & Pooja, 2011 415) SWEET SWEET is a teaching tool that is used to teach web users of different levels about the importance and relevance of web security and how to achieve it. Below are some of the way in which it developed and how relevant it is for web security. Relevance to Security SWEET is a tool that ensures that users are taught to learn to operate in a secure manner (Li-Chiou and Lixin, 2012 32), trying to make web application to be like desktop applications. This will reduce the amount of attacks on web applications. Even though many authors have similar views on how to ensure that the user is protected from unknowingly sharing their information to third parties, there are a lot of controversial ideas that different authors hold on ensuring that the user is well protected (Achkoski, et al., 2011 33). Li-Chiou, Chen, and Lixin Tao mainly focus on the use of SWEET to ensure that the user is protected (Chong, et al., 2012 36). Kapodistria, Helen, Sarandis Mitropoulos, and Christos Douligeris insist that the user should be educated on how to protect themselves from attacks. Torchiano, Marco, FilippoRicca, and Alessandro Marchetto mainly focus on the building of secure web applications such as those in desktop applications (Chong, et al., 2012 36). In the table below, a study done in the Netherlands is tabulated to give a summary of how desktop applications and web applications differ in terms of security. It provides a summary of how desktop applications are secure as compared to web applications. Table.1 A study in Netherlands compares the defects of both web and desktop applications. The two-way ANOVA figure is an analysis to see if indeed there is a significant notable difference in the two defects of applications. (Taken from Torchiano, et al. 2011, 159) Sweet Development Developing sweet requires a lot of professional as well as technical experts who need to work together to realize the functioning of SWEET Design Sweet configures a computing environment using Virtualization technology which simply means running emulator software on a computer so as to emulate another desired computer. The computer being used and the virtual computer run different or same systems (Achkoski, et al., 2011 68). Virtualization has been used worldwide in both educational demonstrations and commercial systems. Developments such as Microsoft Virtual PC, VMware are results of Virtualization. In our development, user computers were locally run on by SWEET computers (Li-Chiou &Lixin, 2012 43). Visualization Firstly Client-Side Virtualization do not need internet connections thus isolates web security exercises to the network preventing spilling effect on the internet which is an advantage over server-side Virtualization. Secondly virtual computers are portable, reduce pressure on the servers, can be distributed by web downloading flexible, easy to maintain and easily modified (Brijendra & Pooja, 2011 415) HISTORY OF WEB SECURITY The internet though a fascinating technology lacks geographical borders thus raising concerns about conducting business online because there are those who focus on penetrating to steal important info (chong, et al., 2012 66). Of late hackers have focused on web applications that allow shopping and communication with countries' companies mainly because these have increased users who use databases for exchange of info (Alanazi & Mohamed, 2011 63). SQL is a method used by hackers it’s dangerous because it can damage a whole system but also very easy (Brijendra & Pooja, 2011 414). It’s an attack whereby SQL code is appended into the application user input parameters then passed to another SQL server knows at the back-end for SQL execution. This is very dangerous it allows hackers to hack without using a password thus compromising the privacy and integrity of data especially if sensitive (Chong, et al., 2012 54). History of Web Tools Below is a brief look at how some of the tools have evolved over time to achieve a secure web environment (Mohammedi & Abdelaziz, 2013 156). Preventing SQL injection Removing a single quotation mark because verification occurs from this. Replacing a single quotation mark with two single quotation marks in the string input Removing TSQL comments like /**/ and – to reduce chances of damaging data. Using policy systems that are secure by limiting options to maybe only writing and reading (Torchiano et al., 2011 53) Creating awareness to web security Creating awareness to web users on web security is very important. As seen earlier, knowledgeable users are less prone to attacks than users who do not have the right knowledge needed for web security (Mohammedi & Abdelaziz, 2013 166). Due to this factor, many companies are creating awareness to users to always be on the look especially for fisher software that can be used to hack into their accounts. With the right knowledge, the user is able to (Wills, et al., 2011 21). There are behaviors that users have to avoid whenever they are on the web to avoid sharing their information to third parties. First is that they should never give out their passwords to any stranger as this may pose a threat to their security in the web Users should be taught on the most secure web applications to use when on the net and they have to know that web applications are not that secure All web users should be educated on how to protect themselves by the use of a firewall. With this, they are able to ensure that they are always safe whenever they are on the web Tools to detect web attacks DotDefender is a web application tool that was developed to help curb the increasing number of web attacks and it has been able to do wonders. It acts as a firewall to protect users from third party attacks. It identifies any threats and alerts the user. There are also malicious objects that are not allowed to pass through the firewall. The type of protocol in use is also a determining factor of security and hence it is the responsibility of every user to ensure that they use the right protocol (Kapodistria, et al., 2011 21). There are many proposed tools that will be developed by different developers and each tool is designed to help solve a certain web problem this ensures that the user has a collection of tools to choose whenever faced with any security threat (Kapodistria, et al.,2011 22). There are various web tools that can detect record and or prevent any attack that comes from the net. The kind of OS that the user is using is very important for these tools to be functional. Web versus desktop applications Web applications are known to be more prone to security threats as compared to desktop applications and it is because of this that many developers are coming up with ways to make web applications that have protocols similar to those of desktop applications (Torchiano,et al., 2011 84). For web applications to be less prone to security issues, the developers need to focus on testing. Testing ensures that threats are removed and that web addresses are properly defined for the destination and the origin (Kapodistria, et al., 201143). Web applications tend to have more security defects as compared to desktop applications. There are several loopholes that can provide access to third parties into the accounts of unsuspecting users. Web applications need to be designed with different protocols that will not only ensure security but will also build a well-defined approach to securing the website. In the next figure, a previous research on desktop and web applications are summarized. This plot shows the % defects that web and desktop applications have and how much they differ. The drop box clearly indicates that at a range of 0.3 to 0.4 desktop applications are more secure compared to web applications with a 0.5 and above defects (Wills, et al., 2011 11). Fig. 2 Box plot of percentage of defects is a presentation layer per type of application. Carried out in the Netherlands, the table aims at finding the best application that can be used between web applications and desktop applications. Intelligent information systems To help web users have a secure web system, developers are using artificial intelligence to develop secure systems that can automatically detect threats and ensure that they are removed without the involvement of the user (Achkoski,et al., 2011 34). These systems ensure that they protect the user without their knowledge. Even though sometimes they might become a nuisance they are vital to the protection of the user data. INTERNET CONTROLS: In this era of modern information technology, the Internet has delivered the ultimate lack of restrictions to information and communication. Like all types of freedom, the Internet has been abused by many unprincipled personalities to execute their malice. These range from directing annoying and at times violent e-mails, to credit card scam, advanced fee fraud, having other systems infested with malevolent viruses, raid of private information or communication, etc. The development of these unpleasant practices has compelled the development of some methods of Internet Controls. These are control procedures, to thwart abuses by operators in the system. Some control procedures provide security at the level of the computer system, while some other functions at several layers (Wills, et al., 2011 43). The classifications of control procedures are not closed. With endless exploration in the field, new methods are being presented. We may safely contemplate some of the functional controls in two broad categories: Intrusion Detection System (IDS) and Honey Pots. Intrusion Detection System: The Intrusion Detection System is a type of observation, which is intended to precisely identify malevolent activities at the earliest opportunity in order to reply properly. The Intrusion Detection System is categorized into two categories: the Host based Intrusion Detection System and the Network based Intrusion Detection System. The Host based Intrusion Detection System operates on a software operating in the system, to oversee the movement of the system itself and to identify signs of malevolent activity. HIDS functions at the level of the operating system, rather than at the network level, a shared example is the anti-virus software, which is used to guard the system against computer virus assaults. On the other hand, the Network Intrusion Detection System operates on software that scrutinizes network movement for signs of an invader (Brijendra & Pooja, 2011 422). Research results have revealed that the best common type of IDS in operation is the NIDS. Subsequently I look at some of the conspicuous Network based Intrusion Detection Systems: The image shows occurrence of internet security level. Signature-based network intrusion detection system: This type of system operates much comparable to the virus-detection software. A catalogue of signatures is established for notorious assaults. The network intrusion detection system suite pays attention to all network traffic movement, relates it to the stored signatures, and activates an alarm if it senses a match. Analysis-based network intrusion detection system: The system is built on the analysis of the packets. As an alternative of using signatures to monitor the network traffic, the system essentially scrutinizes or evaluates the packets for marks of malevolent operator action. Upon identifying any such malevolent operator action, the alert is allotted. One of the first scrutinies’s built NIDS merchandise is the shadow method which is used by the Navy facilities. Shadow practices the freeware top dump to collect the headers from the network movement. These headers are scrutinized for marks of malevolent action (Wills, et al., 2011 23). Firewalls: A firewall is a system intended to regulate peripheral admission to an enterprise’s inner system and material. The firewall method is that computers managing delicate material are secluded from the internet, though still being adept in getting user material from it. The server computer, which ensures all the communication with external operators, acts as a middle man, getting any private material, without keeping it and then passing it on, via an inner link, to the establishment’s focal computers (Wills, et al., 2011 22). These focal computers have no other association with the internet and are automated to only reply to the server computer. Thus, there exists a firewall shielding the central computer. Encryption program: As the practice of the e-mail has augmented, so too has alarm over the subject of the confidentiality of the mails. To resolve the difficulty, the encryption platform was established. The methodology of the platform is to clamber your files over it leaving your browser. For this to operate successfully, the receiver needs to have the identical software with which to decrypt the dispatch. The encryption program is not constrained to e-mails only. It is also applied to protect complex data in credit cards and other electronic cards. Honey popts: Honey pots are intended to entice probable hackers, in the same way honey lures insects. This notion is to cause would be aggressors to waste time and energy in cracking what is in effect a bogus objective, allowing you time and opportunity to go after them, or resolve how to reply to their spam (Andrei & Ilia, 2012 148). Honey pots differ broadly in latitude. They could be as modest as a deception you can build yourself, using apparatuses like net chat, or as ostentatious as the two viable products presently in use; Man trap and Cyber Cop Sting. CONCLUSION Web security is not an instant success story but, instead, requires ongoing implementation of counter measures that try to curb any malpractices that may pose a threat to secure information transfer (Torchiano, et al., 2011 60). With the right technology and tools, the user is able to successfully transfer information and receive it without any leakage. Several experts have come up with different tools such as SWEET that provides a better environment for the training and management of security operations in the web (Achkoski, et al., 2011 70). There are also various web tools that can detect record and or prevent any attack that comes from the net. With the introduction of the Internet, the world has turned into a small global village. With the assistance of the Internet, individuals can send and obtain letters, files and data from all over the world. The web is the collaborative, enlightening place with every zone interconnected so that one can change from one setting to the other in a flash (Achkoski, et al., 2011 65). This has brought a lot of challenges on the subject of information security. REFERENCE 1. Achkoski, Jugoslav. Trajkovik, Vladimir and Dojchinovski, Metodija. "An Intelligent Information System Based on Service-Oriented Architecture: A Survey of Security Issues." Information & Security 27.1 (2011): 91-110.ProQuest. The journal explores latest methods to secure system and its information. It also discusses procedures, policies, technology, and audit. It shares proven practices from leading experts such as e-crime, security metrics, and electronic evidence oversight. It also studies the protection of computing information and discovers how to foster development of future leaders. 2. Alanazi, Fahad, and Mohamed Sarrab. "The History of Web Application Security Risks." International Journal of Computer Science and Information Security 9.6 (2011): 40-47.ProQuest. The journal discusses the history of web applications and sensitive task assignments done on the web. Such tasks include database access, system administration, online shopping, and online banking. The journal also asserts that web users and applications are the target of attacks. Such attacks include session hijacking, information leakage, SQL injection, and Cross site scripting. 3. Singh, Brijendra and Agarwal, Pooja. “Algorithm for Web Server Security” IETE Journal of Research57.5 (Sep 2011): 413-422. The journal presents the development and research results of long term significance in the design, implementation, application, and analysis of secure networks and computer systems. It also offers a forum for exchanging ideas about the implication and meaning of privacy and security. It also provides an opportunity to print articles of length and greater depth. 4. Kapodistria, Helen, Sarandis Mitropoulos, and Christos Douligeris. "An Advanced Web Attack Detection and Prevention Tool." Information Management & Computer Security 19.5 (2011): 280-299. ProQuest. It postulates browser as one of the operating systems. It explains that users visit various websites simultaneously. Also, a browser contains different programs for web domains. Meaning that the programs run by the browser are offered by entities that are trusted. Browsers maintain resources that are updated by domains of the web. 5. Li-Chiou, Chen, and Lixin Tao. “Teaching Web Security uses Portable Virtual Labs.” Educational Technology & Society, 15.4 (2012): 39 –46. ProQuest. The journal defines the security principal as an entity that computer network or system authenticates. The security principals can also be assigned privileges and rights over other resources in the network. It also says that the security principal is a unit which policies of information security can apply. The journal explains the importance of selecting the correct security principal. 6. Hossain, Md Safaet and Hossain, Md Shazzad. “Web Test Integration and Performance Evaluation of E-Commerce Web Sites” International Journal of Computer Science and Information Security10.9 (Sep 2012): 65-69. The journal outlines the web security issue. It secures the communication existing between server and client through the use of HTTP. It also compares HTTP over SSL. It also outlines session management and user authentication through methods such as cookies. The journal also discusses the active contents from various websites. Anti-phishing is also outlined as a website authentication. 7. Serrhini, Mohammed. Moussa, Abdelazziz Ait. “Home Users Security and the Web Browser Inbuilt Settings, Framework to Setup IT Automatically” Journal of Computer Science9.2 (2013): 159-168. The journal discusses the various standardized interfaces of digital data that are used to measure systems that connect computers and instrument for transferring data or connect between complicated ICs. It outlines the two standard parts that is the electrical specification, data and control protocols and formats. 8. Torchiano, Marco, FilippoRicca, and Alessandro Marchetto. "Are Web Applications More Defect-Prone than Desktop Applications?" International Journal on Software Tools for Technology Transfer 13.2 (2011): 151-166.ProQuest. The journal offers a forum that discusses all elements of tools that help me develop the computer system. It provides a tool-oriented connection between the industrial practice and academic research. It also focuses on technical themes such as generic tool issues, practicality issues, construction and analysis issues. 9. Volkoviy, Andrei and Chekhov, Ilia. “Use of Mobile Applications in Security and Safety Systems” Information & Security28.1 (2012): 146-153. It discusses same origin policy and what it controls. The same origin policy is applicable to various accesses. For instance it manipulates the windows of browser, cookies, and documents. It also discusses the problems associated with the Same Origin Policy. Such problems are poorly mounted on certain browsers, especially the older browsers. In addition to allowing script on a single page to access the document properties from another. 10. Wills, Craig E., and Zeljkovic, Mihajlo. "A Personalized Approach to Web Privacy: Awareness, Attitudes and Actions." Information Management & Computer Security 19.1 (2011): 53-73.ProQuest. The journal welcomes inputs on all elements of security: integrity, protection of service, confidentiality of services against unauthorized use. It also interests security policies and understanding through modeling, analysis, design of strategies to enforce the principles of architecture for hardware and software implementing them. APPENDIX A. GLOSSARY Intrusion Detection System: The Intrusion Detection System is a type of observation, which is intended to precisely identify malevolent activities at the earliest opportunity in order to reply properly. Internet Controls: These are measures and procedures aimed at reducing internet malice and threat to information. Sweet: It is a tool that ensures that users are taught to learn to operate in a secure manner. FIREWALLS: A firewall is a system intended to regulate peripheral admission to an enterprise’s inner system and material. HONEY POTS: This is a trick intended to entice probable hackers, in the same way honey lures insects. IT Systems: These are secure systems developed and can automatically detect threats and ensure that they are removed without the involvement of the user. Encryption program: These are programmed software that is used to somehow engulf information before leaving their original browsers in order to protect the information from potential hackers who may want to use it for malice. Web Security: This is the ability of a web application to securely protect data communicated between a sender and a receiver without the involvement of any other third party APPENDIX B. RESEARCH METHODS. I primarily used all available sources that I could come up with. The ACTM online library proved to be of great help to me as most of my reference sources are found in this library. To facilitate my research in this report I also sourced the views of my fellow students on their thoughts about web security and I must admit it proved to be very helpful as I got different ideas and reasoning from different perspectives which on analyzing proved to be a very helpful line of action. I also applied the knowledge that I have earned from attending my classes as they have helped me contrast and compare some of the ideas I have come across in the process of doing my research. I also applied my day to day knowledge of web applications to come up with some of the necessary information. The use of SWEET and its procedure proved to be very useful to me in ensuring that I get to know more about web applications. I used various statistical information to analyze, how web and desktop applications vary and an ANOVA test was very useful here. In addition to the statistical tests done to prove the security of desktop applications as compared to the web application, most resources used here also supported this fact and was very useful in ensuring that I got the most up to date information on how to make web applications secure. Identifying the history of web security was also important to ensure that I got a brief description of how the applications have evolved over time and how to make future web application much better. Various resources were useful especially from Torchiano, Marco, FilippoRicca, and Alessandro Marchetto. They had a clear history of how different web and desktop applications have been evolving over time and the types of protocols that web applications have had to change in order to match desktop applications. Alanazi, Fahad, and Mohamed Sarrab were also a major boost to providing the history of web security and how to ensure that past mistakes in technology are done away with. Read More