http://dx.doi.org/10.22937/IJCSNS.2021.21.8.22

Security of Web Applications: Threats, Vulnerabilities, and Protection Methods  

Mohammed, Asma (Department of Computer Science, College of Computers and Information Technology, Taif University)
Alkhathami, Jamilah (Department of Computer Science, College of Computers and Information Technology, Taif University)
Alsuwat, Hatim (Department of Computer Science, College of Computer and Information Systems, Umm Al Qura University)
Alsuwat, Emad (Department of Computer Science, College of Computers and Information Technology, Taif University)
Publication Information
International Journal of Computer Science & Network Security / v.21, no.8, 2021, pp. 167-176
Abstract
This is the world of computer science and innovation. In this modern era, new apps, websites and software are introduced every day. As new apps and software are introduced, threats and security vulnerabilities are also increasing. Web apps are software that can be used by customers for numerous useful tasks, and because of the developer experience of good programming standards, web applications that can be used by an attacker also have multiple sides. Web application security is expected to protect critical web content and to ensure secure data transmission. Application safety must therefore be enforced across all infrastructure that supports the web applications, including the web application itself. Many organizations currently have, or are attempting to build, some type of web application protection scheme, but the bulk of these schemes are incapable of generating value consistently and effectively, and therefore do not improve developers' attitude toward building and designing stable web applications. This article aims to analyze attacks on websites and to address web application security scanners to help resolve web application security challenges.
Keywords
web applications; threats; attacks; security