A Survey on Web Application Security

Authors

  • Danish Mairaj Inamdar, Savitribai Phule Pune University, Pune, Maharashtra, India
  • Prof. Shyam Gupta, Savitribai Phule Pune University, Pune, Maharashtra, India

DOI:

https://doi.org/10.32628/CSEIT206543

Keywords:

Input Validation; Open Web Application Security (OWASP); Vulnerability Assessment

Abstract

Web application security has become a real concern due to the increase in attacks and data breaches. As applications become critical, complex and connected, the difficulty of achieving application security increases exponentially. There are also tools and techniques to detect the attacks, threats and vulnerabilities that exist in an application, so that developers can prevent them and mitigate the associated risk. This paper evaluates various web application attack detection mechanisms and how resistant they are to various attack techniques. Such an evaluation is important not only for measuring the available defenses against web application attacks but also for identifying gaps, so that effective solutions can be built for different defense techniques on web applications and used for study. Based on the research, the limitations of these application attack detection techniques are identified, and remedies are proposed for improving the current state of attack detection on web applications.

Published

2020-10-30

Section

Research Articles

How to Cite

Danish Mairaj Inamdar, Prof. Shyam Gupta, "A Survey on Web Application Security", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 6, Issue 5, pp. 223-228, September-October 2020. Available at doi: https://doi.org/10.32628/CSEIT206543