scholarly journals Vulnerability Scanning Technology on Web Applications

2021 ◽  
Vol 9 (VI) ◽  
pp. 991-995
Author(s):  
Aarushi Dwivedi
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Daily Life ◽  
Modern Society ◽  
Security Level ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Vulnerability Scanner ◽  
Cross Site

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

scholarly journals Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

2021 ◽  
Vol 3 (2) ◽  
pp. 149
Author(s):  
Ripto Mukti Wibowo ◽  
Aruji Sulaksono
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Cost Effective ◽  
Internet Technology ◽  
Cyber Attack ◽  
Security Threat ◽  
Web Application Security ◽  
Application Security ◽  
Case Examples ◽  
Cross Site

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

scholarly journals SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Monitoring Network ◽  
Sql Injection ◽  
Web Application Security ◽  
Ip Address ◽  
Application Security ◽  
Rule Set ◽  
Security Rule ◽  
Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

scholarly journals Static analysis for discovering IoT vulnerabilities

2020 ◽  
Author(s):  
Pietro Ferrara ◽  
Amit Kr Mandal ◽  
Agostino Cortesi ◽  
Fausto Spoto
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Robust Solution ◽  
Representative Case ◽  
Application Security ◽  
Industrial Analyzer ◽  
The Relationship

AbstractThe Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

scholarly journals An Overview Over the Open Source Resources for Web Applications Security

2017 ◽  
Vol 3 (1) ◽  
Author(s):  
Emerson Assis Carvalho ◽  
Fernanda Ramos de Carvalho ◽  
Lucyara Silva Ribeiro ◽  
Germano Estevam Simão Pereira ◽  
Túlio César Lopes Alves
Keyword(s):  
Open Source ◽  
Web Application ◽  
Web Applications ◽  
Web Security ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Complete Report

This work presents a web application security overview, presenting its main concepts and areas, the open source resources available, the most com- mon web security vulnerabilities and how to prevent them. We also have used some open source web application security scanners to test the security of a simple web application. We have used more than one scanner, aiming to have a complete report over the vulnerabilities and to make a comparison between them. We have used a web application previously developed without any concern about security. Our reports were on the vulnerabilities found and how much was easy or not to interpret and fix them.

scholarly journals USE OF “OWASP TOP 10” IN WEB APPLICATION SECURITY

2020 ◽  
Author(s):  
Nikola Nedeljković ◽  
◽  
Natalija Vugdelija ◽  
Nenad Kojić ◽  
◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Risk Awareness ◽  
Security Risks ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Increased Risk

Web application security vulnerabilities can lead to various attacks on users, some of which can have major consequences. It is important to point out the weaknesses that allow abuse, because often increased risk awareness is the first step in protecting web applications. Some of the most critical security risks that organizations face today have been analyzed and uncovered using OWASP Top 10. This paper presents concrete examples of attacks and abuse of web applications. Through the implementation and analysis of attacks on web applications, weaknesses that need to be eliminated in order to protect against potential new attacks are identified. Especially, suggestions to help protect web applications from each type of attack listed and described are provided.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

2021 ◽  
Vol 1 ◽  
pp. 84-90
Author(s):  
Rustam Kh. Khamdamov ◽  
◽  
Komil F. Kerimov ◽  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Personal Information ◽  
Database Security ◽  
Security Threats ◽  
Web Application Security ◽  
Application Security ◽  
Client Request ◽  
Database Protection ◽  
Information Bank

Web applications are increasingly being used in activities such as reading news, paying bills, and shopping online. As these services grow, you can see an increase in the number and extent of attacks on them, such as: theft of personal information, bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. Client request data is usually retrieved by a set of requests that request the application user. If the data entered by the user is not scanned very carefully, you can collect a whole host of types of attacks that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, but only few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on Web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the overhead of performance is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that requests for SQL expressions received from the client will first be sent to the developed firewall, rather than to the database server itself. The firewall analyzes the request: requests that are considered strange are blocked by the firewall and an empty result is returned to the client.

scholarly journals Secure ASP.NET Web Application by Discovering Broken Authentication and Session Management Vulnerabilities

2017 ◽  
Vol 10 (2) ◽  
pp. 359-363
Author(s):  
Rupal Sharma ◽  
Ravi Sheth
Keyword(s):  
Web Service ◽  
Web Application ◽  
Web Applications ◽  
The Other ◽  
Web Application Security ◽  
Application Security ◽  
Security Vulnerability ◽  
Session Management ◽  
The Given ◽  
The Web

Today, web application security is most significant battlefield between victim, attacker and resource of web service. The owner of web applications can’t see security vulnerability in web application which develops in ASP.NET. This paper explain one algorithm which aim to identify broken authentication and session management vulnerability. The given method of this paper scan the web application files. The created scanner generator relies on studying the source character of the application limited ASP.NET files and the code be beholden files. A program develop for this motive is to bring about a report which describes vulnerabilities types by mentioning the indict name, disclose description and its location. The aim of the paper is to discover the broken authentication and session management vulnerabilities. The indicated algorithm will uphold organization and developer to repair the vulnerabilities and recover from one end to the other security.

AUTOMATED VULNERABILITY SEARCH IN A WEB APPLICATION BASED ON REINFORCEMENT LEARNING

2021 ◽  
Vol 53 (1) ◽  
pp. 91-97
Author(s):  
OLGA N. VYBORNOVA ◽  
◽  
ALEKSANDER N. RYZHIKOV ◽  
Keyword(s):  
Reinforcement Learning ◽  
Web Application ◽  
Web Applications ◽  
Subject Area ◽  
Learning Technology ◽  
Web Application Security ◽  
Vulnerability Scanner ◽  
Learning Agent ◽  
Markov Decision ◽  
Python Programming

We analyzed the urgency of the task of creating a more efficient (compared to analogues) means of automated vulnerability search based on modern technologies. We have shown the similarity of the vulnerabilities identifying process with the Markov decision-making process and justified the feasibility of using reinforcement learning technology for solving this problem. Since the analysis of the web application security is currently the highest priority and in demand, within the framework of this work, the application of the mathematical apparatus of reinforcement learning with to this subject area is considered. The mathematical model is presented, the specifics of the training and testing processes for the problem of automated vulnerability search in web applications are described. Based on an analysis of the OWASP Testing Guide, an action space and a set of environment states are identified. The characteristics of the software implementation of the proposed model are described: Q-learning is implemented in the Python programming language; a neural network was created to implement the learning policy using the tensorflow library. We demonstrated the results of the Reinforcement Learning agent on a real web application, as well as their comparison with the report of the Acunetix Vulnerability Scanner. The findings indicate that the proposed solution is promising.

Sign in / Sign up

Export Citation Format

Share Document