International Journal of Advances in Computer Networks and Its Security

Defensive Programming to Reduce PHP Vulnerabilities



Web Application tools and techniques have grown incrementally and rapidly, but most available Web Applications are vulnerable to attack because of their ad hoc nature. It is difficult to evaluate security achievements unless things go wrong. The primary concern of the falsehood programmer is to provide user-friendly interfaces; security is secondary. Poorly written Web Application code presents a very high risk and an attractive target for the attacker. Defensive programming is the approach for developing secure Web Applications. The aim of this paper is twofold. First, to understand PHP vulnerabilities, an attack tree is constructed, and based on it, attack scenarios for email spoofing, remote file creation, remote file inclusion and information disclosure are presented. Second, defensive programming techniques are applied to handle these vulnerabilities. The work presented in this paper should help web programmers develop foolproof Web Applications.

