Abstract

Hardly a facet of human life is untouched by the Internet, owing to the continuous growth in Internet facilities, usage, speed, user-friendly browsing, global access, etc. On the flip side, hackers are also attacking this digital world with new tactics and techniques by exploiting web application vulnerabilities. The analysis of these vulnerabilities is of paramount importance in securing the social digital world. It can be carried out in two ways. The first is manual analysis, which is error prone due to the human nature of forgiveness, dynamic change in technology and fraudulent attack techniques. The second is through existing web application vulnerability scanners, which may sometimes suffer from generating false alarms. Hence, there is a need to develop a framework that can detect different levels of vulnerabilities, ranging from client-side and communication-side vulnerabilities to server-side vulnerabilities. This paper carries out a literature survey to identify new attack vectors, vulnerabilities, detection mechanisms, research gaps and new working areas in the same field. Continuous improvement in a framework is easy. Hence, a framework is proposed to overcome the identified research gap.

Highlights

  • As per the report of CERT-In, over fifty three thousand eighty one security incidents were handled, including twenty nine thousand five hundred and eighteen website defacements, in 2017 [1]

  • Web application vulnerability analysis is a field of current research with broad scope in code vulnerability analysis, training developers and users to be secure, identifying new attack trends, etc

  • Ontology based technique used in existing web application vulnerability scanners identifies the relation between code logic, tokens of snippet and its properties

Summary

INTRODUCTION

As per the report of CERT-In, over fifty three thousand eighty one security incidents were handled, including twenty nine thousand five hundred and eighteen website defacements, in 2017 [1]. The internet teems with attackers who have malicious and criminal intentions and who approach novice users with newly invented attack vectors to compromise security. Continuous efforts are required to identify the attack process, intention and solutions of these newly formed attack vectors. For-profit and non-profit consortiums, groups and agencies are working in this direction. It requires continuous effort to scan all databases and summarize the solutions in order to update the vulnerability database definitions of the existing scanners. This can only be done by the developer or provider of the scanner. The proposed framework can incorporate the detection solutions for newly identified attack scenarios and vulnerabilities.

A Framework for Web Application Vulnerability Detection
LITERATURE REVIEW
FUTURE SCOPE OF EXISTING SCANNERS AND APPROACHES
PROPOSED FRAMEWORK
RESULT
Classification Methods
VIII. CONCLUSION