
Mid Semester Evaluation

Minor Project (IT-413) Report


On
Node Web Security

Project By:
Vibhu Yadav - 1130296, IT-2
Renu Rozera - 1130359, IT-2
Siddharth Mohan - 1130263, IT-4
B.Tech, 7th Semester, Project Group : 26

Supervisor:
Prof. Manali Singh Rajput
Department of Computer Engineering
NIT Kurukshetra

TABLE OF CONTENTS

1. INTRODUCTION
2. MOTIVATION
3. PROBLEM STATEMENT
4. OBJECTIVES
5. PROJECT DESCRIPTION
6. PROJECT STATUS
7. CONCLUSION AND FUTURE PLANS
8. REFERENCES

Introduction

Web application security is a branch of information security that deals specifically with the
security of websites, web applications and web services. At a high level, web application
security draws on the principles of application security but applies them specifically
to Internet and Web systems.
Web security consists of two major areas:
Web Application Security
Web Browser Security
Web security can nowadays be compromised through various methods such as injection, XSS and
phishing, of which XSS is the most common web security challenge. Figure 1 shows the attack
percentages.

Figure 1: Vulnerabilities Percentage Chart.

Motivation
Most web sites have vulnerabilities, and attackers can access confidential data by breaking into
web applications. Many users are not security-minded, so attackers may target users by asking
them to visit malicious web sites. Several components can be targeted, and the attack surface is
huge; since many layers can be attacked and exploited, it becomes very important to
secure the communication medium in order to ensure secure and reliable communication.
Being lightweight, fast and scalable, Node.js is becoming a widely adopted platform for
developing web applications. This project provides an environment to learn how the top security
risks apply to web applications developed using Node.js and how to address them effectively.

Problem Statement
How some serious vulnerabilities and security flaws can manifest in Node.js web applications,
and how to prevent them.

Objectives
All information security measures try to address at least one of three goals:

Protect the confidentiality of data

Preserve the integrity of data

Promote the availability of data for authorized use

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs (Figure 2). Information security professionals who create policies and procedures (often
referred to as governance models) must consider each goal when creating a plan to protect a
computer system.

Figure 2: The CIA triad.


As far as the project is concerned, its objective is to act as a learning environment,
demonstrating how various security vulnerabilities apply to web applications developed using
Node.js and how to effectively address and resolve them.

Project Description
The project, Node Web Security, is being written in Node.js and aims to provide secure
communication. It also provides measures through which security risks can be
minimized.
Node.js is an open-source, cross-platform JavaScript runtime environment for developing a
diverse variety of tools and applications. Although Node.js is not a JavaScript framework, many
of its basic modules are written in JavaScript, and developers can write new modules in
JavaScript. The runtime environment interprets JavaScript using Google's V8 JavaScript engine.
Node.js has an event-driven architecture capable of asynchronous I/O. These design choices aim
to optimize throughput and scalability in web applications with many input/output operations, as
well as in real-time web applications.

Project Status
The Node.js and MongoDB environment has been set up. Login/signup authentication has been
implemented. Various potential security risks have been studied thoroughly.
The following functionalities are yet to be implemented:
Web Application UI
Injection attack
Broken Authentication
Session Management
XSS

Conclusion and Future Plans


The project raises awareness about web application security. Vulnerabilities represent a serious
risk to agencies and companies that have exposed their business logic to the Internet. Web
application security problems are as serious as network security problems, although they have
traditionally received considerably less attention. Attackers have begun to focus on web
application security problems and are actively developing tools and techniques for detecting and
exploiting them.

References
[1] IEEE Internet Computing (Volume: 14, Issue: 6, Nov.-Dec. 2010).
[2] erpscan, Securing SAP from XSS Vulnerability. Figure: Vulnerability % chart
(June 13, 2015). On page(s): 3.
[3] 2012 International Conference on Communication Systems and Network Technologies.
Rahul Johari & Pankaj Sharma. Conference Issue Date 11-13 May 2012. On page(s): 3.
[4] Assessing the Security of Node.js Platform. Andres Ojamaa & Karl Duuna. On page(s): 5.
[5] http://www.en.wikipedia.org/wiki/Node.js.
