Analysis of Automated Web Application Security Vulnerabilities Testing

Touseef, Pariwish; Alam, Khubaib Amjad; Jamil, Abid; Tauseef, Hamza; Ajmal, Sahar; Asif, Rimsha; Rehman, Bisma; Mustafa, Sumaira

doi:10.1145/3341325.3342032

Cited by 11 publications

(5 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secure software coding challenges SSC is not as simple as it seems to be, various challenges are faced during this process. Some critical challenges involved in SSC are listed below [38][39][40][41][42][43][44][45][46][47][48][49][50] :…”

Section: 2mentioning

confidence: 99%

“…SSC is not as simple as it seems to be, various challenges are faced during this process. Some critical challenges involved in SSC are listed below 38‐50 : Injection, Broken authentication and session management, Cross‐site scripting Insecure direct object reference, Security misconfiguration, Sensitive data exposure, Missing function level access control, Cross‐site request forgery, Using components with know vulnerabilities, Invalidated redirects and forwards, Data validation, Authentication, Session management, Authorization, Cryptography, Error handling, Logging, Security configuration, Network architecture. …”

Section: Motivation and Related Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Toward a readiness model for secure software coding

et al. 2022

View full text Add to dashboard Cite

The heart of the application's secure operation is its software code. If the code contains flaws, the entire program might be hacked. The issue with software vulnerabilities is that they reveal coding flaws that hackers could exploit. The prevention of cybersecurity issues begins with the program code itself. When writing software code, a software developer must consider expressing the application's architecture and design requirements, keeping the code streamlined and efficient, and ensuring the code is safe. Secure code helps save the system from various cyber-attacks by eliminating the weaknesses that many hacks rely on. To assist the software organization in Secure Software Coding (SSC), this article proposes a readiness model for SSC, namely SSCRM. The proposed model has five levels; SSC challenges and best practices (BP) are mapped at each level. The proposed model will help the organizations better understand SSC challenges and BPs and provide a roadmap for developing secure software code. The proposed model was evaluated using three case studies. The findings demonstrate that the proposed approach helps determine an organization's SSC level.

show abstract

Section: 2mentioning

confidence: 99%

Section: Motivation and Related Reviewmentioning

confidence: 99%

Toward a readiness model for secure software coding

et al. 2022

View full text Add to dashboard Cite

show abstract

“…A vulnerability scanner is a software application that assesses security vulnerabilities in networks or host systems and creates a bunch of scan results that are frequently utilized to set vulnerability evaluation particularly during the process of development [7][8][9][10]. Usually, vulnerability scanner detects vulnerabilities that are originated from vendors, system administration activities, or general activities by users.…”

Section: 2vulnerability Scannermentioning

confidence: 99%

Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)

Buja¹,

Khairuddin²,

Deraman³

et al. 2021

IJATEE

View full text Add to dashboard Cite

“…Kwiatkowska et al [6] highlighted the significance of each tired of the web, mainly security with its service point and sufficient security check at the service point. Touseef et al [7] proposed a complete study of web vulnerability measuring and recognizing relevant datasets. Khera et al [8] examined and presented the lifecycle of the VAPT process and VAPT tools.…”

Section: Related Workmentioning

confidence: 99%

Penetration Testing Analysis with Standardized Report Generation

Barik¹,

Abirami²,

Das³

et al. 2021

Atlantis Highlights in Computer Sciences

View full text Add to dashboard Cite

Penetration testing is a mirrored cyber-attack defined for identifying vulnerabilities and flaws in a computer system/Network/Web application-the organization appoints experts to conduct the test and present the details for deeper interpretation. One of the critical components of securing the network is to perform penetration tests of the network and web applications. In this paper, the industry-known OWASP (Open Web Application Security Project) vulnerability tool and three vulnerable web applications in a lab setup are explored and presented with a detailed analysis. Further, three penetration test reports are selected, and comprehensive analysis and reports are generated from the proposed setup. After the observation, it's understood that there is a lack of standardization format of the penetration testing reports. Therefore, this paper presents a format that will cater to the understanding of domain knowledge experts, decision-making bodies, and board members of the top executives of an organization for making further decisions on improving the robustness of their network and web applications.

show abstract

Analysis of Automated Web Application Security Vulnerabilities Testing

Cited by 11 publications

References 20 publications

Toward a readiness model for secure software coding

Toward a readiness model for secure software coding

Development of a browser extension for web application vulnerability detection, avoidance, and secure browsing (VDAS)

Penetration Testing Analysis with Standardized Report Generation

Contact Info

Product

Resources

About