A study on web application security and detecting security vulnerabilities

The world is exceedingly reliant on the Internet. Nowadays, web security is the biggest challenge in the corporate world. It is considered the principal framework for the worldwide data society. Web applications are prone to security attacks. Web security means securing the web application layer from attacks by unauthorized users. Many of the issues that occur in a web application are mainly due to improper input provided by the client. This paper discusses the different aspects of web security and its weaknesses. The main elements of web security techniques, such as passwords, encryption, authentication and integrity, are also discussed. The anatomy of a web application attack and the attack techniques are also covered in detail. This paper explores a number of methods for combating this class of threats and assesses why they have not proven more successful. It proposes a better way of minimizing these types of web vulnerabilities and provides the best security mechanisms for the said attacks.
