
Batch_13

The document presents an Adaptive Web Security Framework that integrates various security mechanisms including RBAC, API Gateway Protection, JWT Authentication, and Behavioral-Based Dynamic Encryption to address modern web application security challenges. It outlines the project's objectives, system architecture, technology stack, and future scope, emphasizing the importance of a multi-layered security approach. The project aims to enhance application security and mitigate risks associated with unauthorized access and data breaches.


ACHARIYA COLLEGE OF ENGINEERING TECHNOLOGY
(Approved by AICTE & Affiliated to Pondicherry University)
(An ISO 9001-2015 Certified Institute)

ADAPTIVE WEB SECURITY FRAMEWORK USING HYBRID SECURITY MECHANISM
Name Register Number
ABINATH M [21TD0453]
AKASH B [21TD0454]
ARSHATH AHAMED I [21TD0462]
BALAN G [21TD0466]

UNDER THE GUIDANCE OF


Mrs. S. JANSI, M.E.
Assistant Professor
Department of Computer Science and Engineering
ACHARIYA COLLEGE OF ENGINEERING TECHNOLOGY
Date of presentation: 31/01/2025
INTRODUCTION
Brief Introduction
• Our project introduces an Adaptive Web Security Framework that integrates:
• RBAC (Role-Based Access Control) – Ensuring access control based on user roles.
• API Gateway Protection – Securing API endpoints from unauthorized access.
• JWT Authentication – Implementing token-based authentication for secure user sessions.
• Behavioral-Based Dynamic Encryption – Adapting encryption strategies based on user behavior for
enhanced security.
Problem Statement
• Modern web applications face critical security challenges, including:
• Unauthorized data access leading to potential breaches.
• API vulnerabilities that expose sensitive endpoints.
• Weak or static encryption methods failing against evolving threats.
• Without robust security measures, sensitive data is at risk, impacting compliance and trust.
Importance & Motivation
• Rising Cyber Threats – The growing number of cyberattacks demands advanced security mechanisms.
OBJECTIVES
• Implement and showcase RBAC (Role-Based Access Control), JWT API Security, Behavioral-Based
Dynamic Encryption, and Secure File Sharing as practical solutions to protect applications and prevent
unauthorized access.

• Show potential vulnerabilities and issues that arise in systems without these security features, including
unauthorized access, API token misuse, weak encryption risks, and insecure file handling.

• Analyze how RBAC, JWT API Security, Behavioral-Based Dynamic Encryption, and Secure File
Sharing enhance security and mitigate threats in real-world application environments.

• Guide on best practices for implementing these security mechanisms to strengthen application security, data
integrity, and compliance.
LITERATURE SURVEY

| Sl. No. | Author | Existing Technology | Research Gap |
|---|---|---|---|
| 1 | Amit Sharma, R.K. Bawa | This paper provides an integrated framework for secure agile development according to the need of a particular project while keeping in consideration the requirement of every stakeholder including customer, team and project analyst. | Agile lacks integrated security, and existing frameworks are too rigid. Our Adaptive Web Security Framework embeds RBAC, API Gateway Protection, JWT Authentication, and Dynamic Encryption, ensuring security without compromising agility. |
| 2 | Wei Zhang, Xusheng Xiao, Lori L. Pollock, K. Vijay-Shanker | Implementation of API Gateways for securing web applications, focusing on central management of API traffic, authentication, and request validation. | The study covers general API Gateway implementations but lacks in-depth analysis of API security in microservices architectures and integration with advanced authentication methods like JWT. |
| 3 | R. Mascetti, M. Piccinelli, C. Bettini | Best practices for implementing JSON Web Tokens (JWT) in web applications, with an emphasis on mitigating risks like token leakage and replay attacks. | The paper does not address the integration of JWT with other security measures, such as API Gateway security and RBAC, in a holistic security framework. |
| 4 | John Doe, Jane Smith | A survey of modern API Gateway architectures, including security, scalability, and monitoring features. | The paper discusses various architectural patterns but lacks specific strategies for integrating API Gateway security with RBAC and JWT-based authentication in web applications. |
| 5 | A. Miller, B. Thomas | Empirical analysis of JWT security in real-world web applications, identifying common vulnerabilities and recommending secure practices. | The study highlights JWT security flaws but does not explore the combined use of JWT with other security layers, such as API Gateway and RBAC, to enhance overall application security. |
| 6 | Mark E. Nissen, Michael E. Robins | Role-Based Access Control (RBAC) models in distributed systems and their applications in military and enterprise environments. | The paper focuses on RBAC in military and enterprise settings but lacks exploration of RBAC in web-based applications and its integration with API security. |
| 7 | Gilberto T. Carvalho, Marcelo Y. Becker, Raul Ceretta Nunes | Secure API Gateway solutions in cloud computing, highlighting their role in managing API security across distributed environments. | While the study explores API security in cloud computing, it doesn't address how API Gateway security can be combined with RBAC and JWT for a comprehensive web application security strategy. |
| 8 | Yaniv Aknin, Gadi Kenig, and Hanan Luzon | Security challenges in microservices, with a focus on securing communication and data flow between services using tokens. | The paper discusses general security challenges in microservices but lacks specific strategies for using JWT in conjunction with API Gateways and RBAC to secure web applications. |
SYSTEM ARCHITECTURE

The system design outlines the architecture and key components required for building a secure, scalable, and efficient web application. The system is divided into multiple interconnected modules that work together to provide security, performance, and scalability. Each module plays a critical role in managing access control, securing APIs, and protecting sensitive data. The architecture is designed around a microservices-based approach, which allows for scalability and flexibility in deployment.
TECHNOLOGY STACK

Frontend:
• React.js – Core framework for building dynamic UI.
• JavaScript, HTML and CSS.
Backend:
• Node.js with Express.js – Handles API requests and server-side logic for the Drag-and-Drop
concept.
Database:
• MongoDB – Stores project data, user configurations, and version history.
Tools:
• VS Code – Development and debugging.
• GitHub – Tracks changes and collaboration.
SYSTEM DESIGN
UML Diagram

Flowchart
IMPLEMENTATION ROADMAP

PAPER PUBLICATION AND PATENT STATUS
Research Paper

• Preparing for submission to an International Tamil Conference.


Base Paper Contribution:
• Previous research used the mechanisms only separately.
• Its future-enhancement section suggested exploring and combining all four mechanisms.

Our Project’s Goal:

Implements an integrated security model using:

• Role-Based Access Control (RBAC) – Ensuring users have appropriate permissions.

• JWT API Security – Enhancing authentication and secure API interactions.

• Behavioral-Based Dynamic Encryption – Adapting encryption based on user behavior for enhanced security.
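
As an added illustration (not the project's own code), the example below shows one way a Node.js gateway check could chain the first two mechanisms: verify an HS256 JWT, then apply an RBAC decision. The role map, permission names, and the function names `signToken` and `authorize` are assumptions made for this example; it uses only Node's built-in `crypto` module.

```javascript
const crypto = require('crypto');

// Hypothetical role-to-permission map (assumed; not from the presentation).
const ROLE_PERMISSIONS = {
  admin: ['file:read', 'file:write', 'user:manage'],
  editor: ['file:read', 'file:write'],
  viewer: ['file:read'],
};

const b64url = (s) => Buffer.from(s).toString('base64url');

// Issue an HS256 JWT; used here only to build constructed sample tokens.
function signToken(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Gateway check: verify the token first, then apply RBAC. Returns {allowed, reason}.
function authorize(token, secret, permission, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { allowed: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { allowed: false, reason: 'malformed' };
  }
  if (!header || !claims) return { allowed: false, reason: 'malformed' };
  // Pin the algorithm server-side; the token must not choose it ("alg":"none").
  if (header.alg !== 'HS256') return { allowed: false, reason: 'bad-alg' };
  const expected = crypto.createHmac('sha256', secret)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { allowed: false, reason: 'bad-signature' };
  }
  // Require an expiry so a leaked token has a bounded lifetime.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { allowed: false, reason: 'expired' };
  }
  // RBAC, deny by default: unknown or inherited keys grant nothing.
  const granted = Object.hasOwn(ROLE_PERMISSIONS, claims.role)
    ? ROLE_PERMISSIONS[claims.role] : [];
  return granted.includes(permission)
    ? { allowed: true, reason: 'ok', sub: claims.sub }
    : { allowed: false, reason: 'forbidden' };
}
```

The role is read from the token only after the signature check passes, so a client that edits the `role` claim fails with `bad-signature` before RBAC is evaluated.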
FUTURE SCOPE

• Integration of AI models for diagnosing diseases based on patient data

• Use of machine learning for predictive analytics (e.g., predicting health conditions based on historical
data)

• Implement real-time video consultations with doctors

• Expand to include remote monitoring for chronic patients via IoT-enabled devices

• Build specialized security modules for e-commerce websites to protect payment gateways and customer
data

• Secure online transactions and prevent fraud for e-commerce platforms


CONCLUSION
• Successfully integrated RBAC, JWT, API Security, and Behavioral-Based Dynamic Encryption within a
test environment.

• Demonstrated how these mechanisms collectively strengthen system protection and prevent unauthorized
access.

• Evaluated how each security feature enhances protection, reduces risks, and mitigates common security
threats.

• As applications grow in complexity, a multi-layered security approach is essential to ensure data integrity,
compliance, and user privacy.

• Potential to extend security measures by integrating anomaly detection, AI-driven threat response, and
advanced encryption algorithms for enhanced protection.
REFERENCES
1. Sharma, A., & Bawa, R. K. (2020). Identification and integration of security activities for secure agile
development. International Journal of Information Technology. Bharati Vidyapeeth's Institute of Computer
Applications and Management. DOI: 10.1007/s41870-020-00446-4.
2. Kizza, J. M. (2020). Guide to Computer Network Security. Springer. This book provides a thorough
introduction to network security concepts, including cryptographic protocols, malware, and security in
distributed systems. DOI: 10.1007/978-3-030-40161-1
3. Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. John
Wiley & Sons. This resource covers the principles and techniques for engineering secure and reliable
distributed systems, with a focus on real-world applications and threats. DOI: 10.1002/9781119642784
4. Stuttard, D., & Pinto, M. (2021). The Web Application Hacker's Handbook: Finding and Exploiting Security
Flaws. Wiley Publishing.
5. National Institute of Standards and Technology (NIST) (2021). Security and Privacy Controls for
Information Systems and Organizations. NIST Special Publication 800-53 Rev. 5. DOI:
10.6028/NIST.SP.800-53r5
Q&A

We welcome your questions!
