Web Application Security Education Platform Based on OWASP API Security Project

IF 0.4 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC EMITTER-International Journal of Engineering Technology Pub Date : 2022-12-16 DOI:10.24003/emitter.v10i2.705
Muhammad Idris, I. Syarif, Idris Winarno
{"title":"Web Application Security Education Platform Based on OWASP API Security Project","authors":"Muhammad Idris, I. Syarif, Idris Winarno","doi":"10.24003/emitter.v10i2.705","DOIUrl":null,"url":null,"abstract":"The trend of API-based systems in web applications in the last few years keeps steadily growing. API allows web applications to interact with external systems to enable business-to-business or system-to-system integration which leads to multiple application innovations.  However, this trend also comes with a different surface of security problems that can harm not only web applications, but also mobile and IoT applications.  This research proposed a web application security education platform which is focused on the OWASP API security project. This platform provides different security risks such as excessive data exposure, lack of resources and rate-limiting, mass assignment, and improper asset management which cannot be found in monolithic security learning application like DVWA, WebGoat, and Multillidae II. The development also applies several methodologies such as Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we are successfully providing 10 API vulnerability challenges to the platform with 3 different levels of severity risk rating which can be exploited using tools like Burp Suite, SQLMap, and JWTCat.  In the end, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimum storage resource and able to serve up to 1000 concurrent users with the average throughput of 50.58 requests per second, 96.35% successful requests, and 15.94s response time.","PeriodicalId":40905,"journal":{"name":"EMITTER-International Journal of Engineering Technology","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2022-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EMITTER-International Journal of Engineering Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.24003/emitter.v10i2.705","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 1

Abstract

The trend of API-based systems in web applications in the last few years keeps steadily growing. API allows web applications to interact with external systems to enable business-to-business or system-to-system integration which leads to multiple application innovations.  However, this trend also comes with a different surface of security problems that can harm not only web applications, but also mobile and IoT applications.  This research proposed a web application security education platform which is focused on the OWASP API security project. This platform provides different security risks such as excessive data exposure, lack of resources and rate-limiting, mass assignment, and improper asset management which cannot be found in monolithic security learning application like DVWA, WebGoat, and Multillidae II. The development also applies several methodologies such as Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we are successfully providing 10 API vulnerability challenges to the platform with 3 different levels of severity risk rating which can be exploited using tools like Burp Suite, SQLMap, and JWTCat.  In the end, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimum storage resource and able to serve up to 1000 concurrent users with the average throughput of 50.58 requests per second, 96.35% successful requests, and 15.94s response time.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于OWASP API安全项目的Web应用安全教育平台
在过去几年中,web应用程序中基于api的系统的趋势一直在稳步增长。API允许web应用程序与外部系统进行交互,从而实现企业对企业或系统对系统的集成,从而实现多个应用程序的创新。然而,这一趋势也带来了不同的安全问题,不仅会损害web应用程序,还会损害移动和物联网应用程序。本研究提出了一个以OWASP API安全项目为核心的web应用安全教育平台。该平台提供了DVWA、WebGoat、multilidae II等单片安全学习应用所不具备的数据过度暴露、缺乏资源和限速、批量分配、资产管理不当等不同的安全风险。该开发还应用了几种方法,如捕获标记(CTF)学习模型、漏洞评估和容器虚拟化。根据我们的实验,我们成功地为平台提供了10个API漏洞挑战,这些漏洞具有3个不同级别的严重风险评级,可以使用Burp Suite, SQLMap和JWTCat等工具进行利用。最后,根据我们的性能实验,平台上的所有容器可以在大约16秒内以最小的存储资源部署,并且能够为多达1000个并发用户提供服务,平均吞吐量为每秒50.58个请求,请求成功率为96.35%,响应时间为15.94秒。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
EMITTER-International Journal of Engineering Technology
EMITTER-International Journal of Engineering Technology ENGINEERING, ELECTRICAL & ELECTRONIC-
自引率
0.00%
发文量
7
审稿时长
12 weeks
期刊最新文献
Hardware Trojan Detection and Mitigation in NoC using Key authentication and Obfuscation Techniques Estimation of Confidence in the Dialogue based on Eye Gaze and Head Movement Information Experimental Study of Hydroformed Al6061T4 Elliptical Tube Samples under Different Internal Pressures Numerical Study of a Wind Turbine Blade Modification Using 30° Angle Winglet on Clark Y Foil 3D Visualization for Lung Surface Images of Covid-19 Patients based on U-Net CNN Segmentation
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1