Biblio

Dependence of the individuals on the Internet for performing the several actions require secure data communication. Thus, the reliable data communication improves the confidentiality. As, enhanced security leads to reliable and faster communication. To improve the reliability and confidentiality, there is dire need of fully secured authentication method. There are several methods of password protections were introduced to protect the confidentiality and reliability. Most of the existing methods are based on alphanumeric approaches, but few methods provide the dual authentication process. In this paper, we introduce improved graphical password authentication using Twofish Encryption and Visual Cryptography (TEVC) method. Our proposed TEVC is unpredictably organized as predicting the correct graphical password and arranging its particles in the proper order is harder as compared to traditional alphanumeric password system. TEVC is tested by using JAVA platform. Based on the testing results, we confirm that proposed TEVC provides secure authentication. TEVC encryption algorithm detected as more prudent and possessing lower time complexity as compared to other known existing algorithms message code confirmation and fingerprint scan with password.

The Java platform and its third-party libraries provide useful features to facilitate secure coding. However, misusing them can cost developers time and effort, as well as introduce security vulnerabilities in software. We conducted an empirical study on StackOverflow posts, aiming to understand developers' concerns on Java secure coding, their programming obstacles, and insecure coding practices. We observed a wide adoption of the authentication and authorization features provided by Spring Security - a third-party framework designed to secure enterprise applications. We found that programming challenges are usually related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure Spring Security. In addition, we reported multiple security vulnerabilities in the suggested code of accepted answers on the StackOverflow forum. The vulnerabilities included disabling the default protection against Cross-Site Request Forgery (CSRF) attacks, breaking SSL/TLS security through bypassing certificate validation, and using insecure cryptographic hash functions. Our findings reveal the insufficiency of secure coding assistance and documentation, as well as the huge gap between security theory and coding practices.