Secure web application technologies implementation through hardening security headers using automated threat modelling techniques
Date
2022
Publisher
Scientific Research Publishing Inc.
Abstract
This paper investigates whether security headers are enforced to mitigate cyber-attacks
in web-based systems in cyberspace. The security headers examined
include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security,
Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study
employed a controlled experiment using a security header analysis tool. The
web-based applications (websites) were analyzed to determine whether security
headers have been correctly implemented. The experiment was iterated
for 100 universities in Africa which are ranked high. The purposive sampling
technique was employed to understand the status quo of the security headers
implementations. The results revealed that 70% of the web-based applications
in Africa have not enforced security headers in web-based applications. The
study proposes a secure system architecture design for addressing web-based
applications’ misconfiguration and insecure design. It presents security techniques
for securing web-based applications through hardening security headers
using automated threat modelling techniques. Furthermore, it recommends
adopting the security headers in web-based applications using the
proposed secure system architecture design.
Description
Journal article, Journal of Information Security, 2023, 14, 1-15
Keywords
Secure web applications, Security headers, Systems security, Secure web architecture design
Citation
How to cite this paper: Mlyatu, M.M. and Sanga, C. (2023) Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques. Journal of Information Security, 14, 1-15. https://doi.org/10.4236/jis.2023.141001