Security of Web Applications: Threats, Vulnerabilities, and Protection Methods

  • Mohammed, Asma (Department of Computer Science, College of Computers and Information Technology, Taif University) ;
  • Alkhathami, Jamilah (Department of Computer Science, College of Computers and Information Technology, Taif University) ;
  • Alsuwat, Hatim (Department of Computer Science, College of Computer and Information Systems, Umm Al Qura University) ;
  • Alsuwat, Emad (Department of Computer Science, College of Computers and Information Technology, Taif University)
  • Received : 2021.08.05
  • Published : 2021.08.30

Abstract

We live in a world of computer science and innovation. In this modern era, new apps, websites, and software are introduced every day, and as they proliferate, the threats and security vulnerabilities that accompany them increase as well. Web applications are software that customers use for numerous useful tasks, but because developers do not always follow good programming standards, web applications also present multiple attack surfaces to an attacker. Web application security is expected to protect the content of critical websites and to ensure secure data transmission. Application security must therefore be enforced across all of the infrastructure that supports the web application, including the web application itself. Many organizations currently have some kind of web application protection scheme, or are attempting to build one, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude toward building and designing stable web applications. This article aims to analyze attacks on websites and to discuss web application security scanners, in order to help resolve web application security challenges.

  34. Esposito, D., Rennhard, M., Ruf, L., & Wagner, A. (2018). Exploiting the potential of web application vulnerability scanning. In ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018 (pp. 22-29). IARIA.