A Survey on Detection and Prevention of Web Vulnerabilities

Noman, Muhammad; Iqbal, Muhammad; Manzoor, Amir

doi:10.14569/ijacsa.2020.0110665

Cited by 7 publications

(4 citation statements)

References 89 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These include normal, error-based double query, and blind injection techniques, empowering attackers to manipulate database queries and potentially compromise sensitive data. It underscores the importance of robust security measures such as code audits, input validation, and the adoption of secure coding practices to mitigate these threats effectively [3], [4]. High detection accuracy machine language algorithms (MLA) can guarantee detection being achieved in real-time [5].…”

Section: Related Workmentioning

confidence: 99%

Detecting vulnerabilities in website using multiscale approaches: based on case study

Chowdhury,

Rahman,

Rahman

2024

IJECE

View full text Add to dashboard Cite

In the realm of modern web applications, security stands as an utmost priority. To address this critical concern, we've developed a versatile Python script with the primary goal of proactively identifying vulnerabilities and thwarting transient attacks. Leveraging various libraries, this tool comprehensively covers a broad spectrum of threats, including SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF), sensitive data leakage, security misconfiguration, distributed denial-of-service (DDoS) vulnerabilities, and secure socket layer (SSL) or transport layer security (TLS). This Python-based solution prioritizes adaptability, ensuring seamless integration of future updates to effectively combat evolving threats. Utilizing innovative methods such as SQLi and XSS payload injection, the script assesses the susceptibility of input fields. And addressing CSRF vulnerabilities, the script generates and validates tokens, fortifying defenses against unauthorized actions. Employing pattern analysis, it combats sensitive data exposure and security misconfigurations, adeptly identifying elements like credit card numbers, passwords, and headers. Furthermore, the script enhances overall security by scrutinizing SSL/TLS protocols and monitoring port accessibility. It reinforces DDoS detection by actively monitoring traffic patterns, identifying anomalies, and proactively averting disruptions.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting vulnerabilities in website using multiscale approaches: based on case study

Chowdhury,

Rahman,

Rahman

2024

IJECE

View full text Add to dashboard Cite

show abstract

“…Manual code analysis in the security context involves performing code vulnerability checks during peer code reviews [10]. Automated code analysis at the development stage is performed using static analysis tools that scan the code for vulnerabilities without executing the code [11], [13], [26].…”

Section: Development Phasementioning

confidence: 99%

Secure Software Development Lifecycle: A Case for Adoption in Software Smes

Umeugo¹

2023

ijarcs

View full text Add to dashboard Cite

Software is widely deployed and used for managing critical daily domestic, social, and economic activities. Due to software’s economic value, software is a high-value target of malicious actors and a primary source of many information security vulnerabilities. Software must be engineered to be secure because of its value. Traditional approaches to software security treat software as an addon and have been proven inadequate at producing secure software. Practicing the secure software development lifecycle (SSDLC) is recommended in academic literature. Software SMEs must adopt and practice the SSDLC for increased security of published software. This paper explores the SSDLC and makes a case for its adoption with the goal of informing security decision-makers of Software SMEs.

show abstract

“…Amir Manzor et al [26] presented a literature survey recapitulating security solutions and major vulnerabilities to promote further research by establishing a system of the existing methods on a bigger horizon. They suggested that there is no way to alleviate all the web vulnerabilities; therefore, further study is desirable in web information security.…”

Section: Literature Reviewmentioning

confidence: 99%

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Shahid

Hameed²,

Javed

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost, and resources required for web application penetration testing and eliminates test engineers’ dependency on human knowledge. However, these security scanners possess various weaknesses of not scanning complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results to inspect their effectiveness and limitations. However, the findings show no well-defined method or criteria available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally defined vulnerable applications and the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project).

show abstract

A Survey on Detection and Prevention of Web Vulnerabilities

Cited by 7 publications

References 89 publications

Detecting vulnerabilities in website using multiscale approaches: based on case study

Detecting vulnerabilities in website using multiscale approaches: based on case study

Secure Software Development Lifecycle: A Case for Adoption in Software Smes

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Contact Info

Product

Resources

About