ARTICLE
TITLE

Web Application Security Education Platform Based on OWASP API Security Project

Muhammad Idris    
Iwan Syarif    
Idris Winarno    

Abstract

The use of API-based systems in web applications has grown steadily over the last few years. APIs allow web applications to interact with external systems, enabling business-to-business or system-to-system integration, which leads to multiple application innovations. However, this trend also exposes a different attack surface, with security problems that can harm not only web applications but also mobile and IoT applications. This research proposed a web application security education platform focused on the OWASP API Security Project. The platform covers security risks such as excessive data exposure, lack of resources and rate limiting, mass assignment, and improper asset management, which cannot be found in monolithic security learning applications like DVWA, WebGoat, and Mutillidae II. The development also applies several methodologies, such as the Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we successfully provided 10 API vulnerability challenges on the platform with 3 different levels of severity risk rating, which can be exploited using tools like Burp Suite, SQLMap, and JWTCat. Finally, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimal storage resources and are able to serve up to 1000 concurrent users with an average throughput of 50.58 requests per second, 96.35% successful requests, and a 15.94 s response time.
