scholarly journals New Attack Potential Measurement Method to Kaizen Event for Web Application Security Vulnerabilities

2019 ◽  
Vol 10 (2) ◽  
pp. 89-112
Author(s):  
Kuo-Sui Lin
Keyword(s):  
Web Application ◽  
Measurement Method ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Potential Measurement ◽  
Application Security

scholarly journals Static analysis for discovering IoT vulnerabilities

2020 ◽  
Author(s):  
Pietro Ferrara ◽  
Amit Kr Mandal ◽  
Agostino Cortesi ◽  
Fausto Spoto
Keyword(s):  
Static Analysis ◽  
Web Application ◽  
Web Applications ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Robust Solution ◽  
Representative Case ◽  
Application Security ◽  
Industrial Analyzer ◽  
The Relationship

AbstractThe Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

scholarly journals Systematic Review of Web Application Security Vulnerabilities Detection Methods

2015 ◽  
Vol 03 (09) ◽  
pp. 28-40 ◽  
Author(s):  
Sajjad Rafique ◽  
Mamoona Humayun ◽  
Zartasha Gul ◽  
Ansar Abbas ◽  
Hasan Javed
Keyword(s):  
Systematic Review ◽  
Web Application ◽  
Detection Methods ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security

scholarly journals An Overview Over the Open Source Resources for Web Applications Security

2017 ◽  
Vol 3 (1) ◽  
Author(s):  
Emerson Assis Carvalho ◽  
Fernanda Ramos de Carvalho ◽  
Lucyara Silva Ribeiro ◽  
Germano Estevam Simão Pereira ◽  
Túlio César Lopes Alves
Keyword(s):  
Open Source ◽  
Web Application ◽  
Web Applications ◽  
Web Security ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Complete Report

This work presents a web application security overview, presenting its main concepts and areas, the open source resources available, the most com- mon web security vulnerabilities and how to prevent them. We also have used some open source web application security scanners to test the security of a simple web application. We have used more than one scanner, aiming to have a complete report over the vulnerabilities and to make a comparison between them. We have used a web application previously developed without any concern about security. Our reports were on the vulnerabilities found and how much was easy or not to interpret and fix them.

scholarly journals Vulnerability Scanning Technology on Web Applications

2021 ◽  
Vol 9 (VI) ◽  
pp. 991-995
Author(s):  
Aarushi Dwivedi
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Daily Life ◽  
Modern Society ◽  
Security Level ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Vulnerability Scanner ◽  
Cross Site

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

scholarly journals USE OF “OWASP TOP 10” IN WEB APPLICATION SECURITY

2020 ◽  
Author(s):  
Nikola Nedeljković ◽  
◽  
Natalija Vugdelija ◽  
Nenad Kojić ◽  
◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Risk Awareness ◽  
Security Risks ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Increased Risk

Web application security vulnerabilities can lead to various attacks on users, some of which can have major consequences. It is important to point out the weaknesses that allow abuse, because often increased risk awareness is the first step in protecting web applications. Some of the most critical security risks that organizations face today have been analyzed and uncovered using OWASP Top 10. This paper presents concrete examples of attacks and abuse of web applications. Through the implementation and analysis of attacks on web applications, weaknesses that need to be eliminated in order to protect against potential new attacks are identified. Especially, suggestions to help protect web applications from each type of attack listed and described are provided.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

Sign in / Sign up

Export Citation Format

Share Document