Preface

One of the main challenges that modern Information Systems face is protecting the security of both the external users who take advantage of the various services offered and the stakeholders and internal users. Security is dealt with at every level of system development, from the analysis stage through the implementation and testing stages. At every stage a number of methods and techniques have been proposed that try to fulfil the basic security concerns, namely confidentiality, integrity and availability.

Nowadays the rapid development of new information infrastructures increases users' dependence on Information Systems, and this can lead to a vulnerable information society based on insecure technologies. Indeed, more and more users access services and electronically transmit information that is usually disseminated over insecure networks and processed by websites and databases that lack proper security protection mechanisms and tools. This may affect both users' trust and the reputation of the system's stakeholders. Designing and implementing security-enhanced systems is therefore of vital importance.

This book, titled "Security Enhanced Applications for Information Systems", therefore aims to present a number of innovative security-enhanced applications and includes 11 chapters. It is a quality guide for teaching purposes as well as for young researchers, since it presents leading innovative contributions on security-enhanced applications for various Information Systems. It covers cases based on standalone, network and Cloud environments.

> **Christos Kalloniatis**, Department of Cultural Technology and Communication, University of the Aegean, Greece

**1**

**Web and Database Security**

Jiping Xiong, Lifeng Xuan, Jian Zhao and Tao Huang

*Zhejiang Normal University, China*

**1. Introduction**

In recent years, with the frequent occurrence of security incidents, enterprises and organizations have realized the importance of designing secure information systems. Today's information systems rely heavily on web and database technologies, so the risks and threats those technologies face also affect the security of the information systems built on them. Web and database security technologies ensure the confidentiality, integrity and availability of the data in an information system and effectively protect its security and reliability. Therefore, in order to better secure information systems, we need to learn web and database security-related knowledge. This chapter covers extensively practical and useful knowledge of web and database security.

This chapter can be divided into three parts: advanced security threats, the principles of secure design, and security auditing. The advanced security threats section presents cross-site scripting (XSS) attacks, AJAX and SQL injection attacks and other security threats in detail; the principles of secure design section describes the general design principles that help in designing secure information systems; the last section describes manual and automated audit methods and a general security audit framework to help readers understand more clearly.

**2. Advanced security threats**

**2.1 Web security threats**

**2.1.1 AJAX security**

As Web applications become increasingly complex, the performance required of Web services also increases. AJAX (Asynchronous JavaScript and XML) (Garrett, 2005) is a mainstream technology of Web 2.0 that enables the browser to provide users with a more natural browsing experience. With asynchronous communication, the user is freed from the submit, wait and refresh cycle, and parts of the page can be updated dynamically. So it allows users to have a smooth experience similar to that of desktop applications.

However, the variety of Web applications that has brought us countless conveniences has also produced a series of security problems. The introduction of AJAX technology, because of its inability to solve those security problems, does not remove the traditional Web security problems, which still exist; moreover, the elements that make up AJAX and its structural features will lead to new
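As an added example that is not from the chapter: an AJAX partial-page update in JavaScript, with the step that renders the asynchronously fetched response shown in a vulnerable form beside a hardened one, to make the point that the traditional Web problem (here XSS) survives the move to AJAX. The comment-list JSON shape, the `fetch` URL and the target element are assumptions.

```javascript
// Added example (not the chapter's code): data fetched by AJAX is still
// untrusted input and must be encoded before it is placed into the page.

// Constructed sample response standing in for what a server would return.
// The second comment carries a textbook script payload for demonstration.
const sampleResponse = JSON.stringify({
  comments: [
    { user: "alice", text: "Nice article" },
    { user: "mallory", text: "<script>alert(1)</script>" },
  ],
});

// Escape the characters that change meaning in an HTML text or attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: response fields are interpolated straight into markup, so any
// tag in the fetched data becomes live DOM once assigned to innerHTML.
function renderCommentsUnsafe(jsonText) {
  const { comments } = JSON.parse(jsonText);
  return comments.map((c) => `<li><b>${c.user}</b>: ${c.text}</li>`).join("");
}

// Hardened: every field is escaped before it becomes part of the fragment,
// so the payload is displayed as text instead of being executed.
function renderCommentsSafe(jsonText) {
  const { comments } = JSON.parse(jsonText);
  return comments
    .map((c) => `<li><b>${escapeHtml(c.user)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("");
}

// Browser wiring (assumed names: the URL and the target element id). The
// asynchronous fetch replaces the submit/wait/refresh cycle; only the
// rendering step decides whether the update is safe.
async function refreshComments(url, targetId) {
  const res = await fetch(url, { headers: { Accept: "application/json" } });
  document.getElementById(targetId).innerHTML = renderCommentsSafe(await res.text());
}

// Outside a browser, print both renderings so the difference is visible.
if (typeof document === "undefined") {
  console.log("unsafe:", renderCommentsUnsafe(sampleResponse));
  console.log("safe:  ", renderCommentsSafe(sampleResponse));
}
```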
