TITLE:
Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques
AUTHORS:
Maduhu Mshangi Mlyatu, Camilius Sanga
KEYWORDS:
Secure Web Applications, Security Headers, Systems Security, Secure Web Architecture Design
JOURNAL NAME:
Journal of Information Security, Vol.14 No.1, November 30, 2022
ABSTRACT: This paper investigates whether security headers are enforced to mitigate cyber-attacks on web-based systems. The security headers examined are X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool: each web-based application (website) was analysed to determine whether these headers had been correctly implemented. The experiment was repeated for 100 highly ranked universities in Africa, selected by purposive sampling to establish the status quo of security header implementation. The results revealed that 70% of the sampled web-based applications had not enforced security headers. The study proposes a secure system architecture design for addressing web-based applications' misconfiguration and insecure design, presents techniques for securing web-based applications by hardening security headers using automated threat modelling techniques, and recommends adopting security headers in web-based applications through the proposed secure system architecture design.
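The following Python script is an added illustration of the kind of check the abstract describes; it is not the paper's analysis tool and the paper does not state its scoring criteria. It evaluates one HTTP response's header set against the six headers named above, treating each as enforced only when it is present with a minimally safe value. The value rules (an HSTS max-age of at least one year, X-Frame-Options limited to DENY or SAMEORIGIN, a CSP that has a default-src or frame-ancestors directive and allows neither inline nor wildcard script sources, a Referrer-Policy that never leaks the full URL cross-origin) and the two sample header sets are this example's own assumptions, constructed for the demonstration.

```python
"""Added example (not the paper's tool): score an HTTP response's security headers.

Checks the six headers named in the abstract for presence and for a minimally
safe value. The value rules below are this example's assumptions, not the
paper's criteria.
"""
import re
from typing import Dict, List, Tuple

HSTS_MIN_AGE = 31536000  # assumed floor: one year in seconds

# Referrer-Policy values that never send the full referring URL cross-origin
# (assumed safe set for this example).
SAFE_REFERRER = {
    "no-referrer", "same-origin", "origin", "origin-when-cross-origin",
    "strict-origin", "strict-origin-when-cross-origin",
}


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def check_headers(headers: Dict[str, str]) -> Dict[str, Tuple[bool, str]]:
    """Return {header_name: (passed, reason)} for the six headers under study."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    results: Dict[str, Tuple[bool, str]] = {}

    def record(name: str, ok: bool, failure: str) -> None:
        results[name] = (ok, "ok" if ok else failure)

    v = h.get("x-content-type-options", "")
    record("X-Content-Type-Options", v.lower() == "nosniff",
           "missing or not 'nosniff' (MIME sniffing allowed)")

    v = h.get("x-frame-options", "")
    record("X-Frame-Options", v.upper() in ("DENY", "SAMEORIGIN"),
           "missing or not DENY/SAMEORIGIN (ALLOW-FROM is obsolete; page can be framed)")

    v = h.get("strict-transport-security", "")
    m = re.search(r"max-age\s*=\s*(\d+)", v, re.IGNORECASE)
    record("Strict-Transport-Security",
           m is not None and int(m.group(1)) >= HSTS_MIN_AGE,
           f"missing or max-age below {HSTS_MIN_AGE} seconds")

    # Browsers honour the last recognised policy in a comma-separated list.
    v = h.get("referrer-policy", "")
    last = v.split(",")[-1].strip().lower()
    record("Referrer-Policy", last in SAFE_REFERRER,
           "missing or leaks full URL (e.g. unsafe-url, no-referrer-when-downgrade)")

    v = h.get("content-security-policy", "")
    csp = parse_csp(v)
    script_sources = csp.get("script-src", csp.get("default-src", []))
    has_fallback = "default-src" in csp or "frame-ancestors" in csp
    record("Content-Security-Policy",
           has_fallback and "'unsafe-inline'" not in script_sources
           and "*" not in script_sources,
           "missing, lacks default-src/frame-ancestors, or allows inline/wildcard scripts")

    v = h.get("permissions-policy", "")
    record("Permissions-Policy", v != "", "missing (browser features not restricted)")

    return results


def summarise(headers: Dict[str, str]) -> Tuple[int, int, List[str]]:
    """Return (passed, total, names_of_failed_headers)."""
    results = check_headers(headers)
    failed = [name for name, (ok, _) in results.items() if not ok]
    return len(results) - len(failed), len(results), failed


# Constructed sample responses for the example (not captured from any real site).
HARDENED = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
}

WEAK = {
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "Strict-Transport-Security": "max-age=300",
    "Referrer-Policy": "unsafe-url",
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        passed, total, failed = summarise(hdrs)
        print(f"{label}: {passed}/{total} headers enforced; failing: {failed or 'none'}")
        for name, (ok, reason) in check_headers(hdrs).items():
            print(f"  [{'PASS' if ok else 'FAIL'}] {name}: {reason}")
```

Presence alone is not enough for a survey of this kind: the weak set above carries four of the six headers yet scores 0/6, because a 300-second HSTS max-age, an obsolete ALLOW-FROM value, an unsafe-url referrer policy and a wildcard CSP give no protection. Feeding the function a header dictionary captured from a real response (for example `dict(requests.head(url).headers)`) turns it into the per-site check the abstract describes.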