Analysis of vulnerabilities and security problems of web applications

Abstract

The article provides a comprehensive analysis of vulnerabilities, methods, tools and problems faced by web application security testing. The analysis of scientific research in the field of web application security testing revealed a significant interest of scientists in finding effective ways to minimize site security risks and vulnerabilities. It was found out that the list of the most common web application vulnerabilities includes: broken access control, cryptographic failures, misconfiguration of security, SQL and other injections, insecure design, identification and authentication errors, etc. Specific features of the security vulnerabilities of web applications are highlighted. The problems faced by automated tools for web security testing are separately considered, namely the development of automated tools for web security testing, the use of RIA (Rich Internet Application) web applications, and the use of insecure cryptographic storage. Web application security risks can be associated with the design phase, the development phase, the deployment phase, and the maintenance phase. It is security testing that is used to identify these risks of the web application, to investigate the vulnerabilities and weak points of the web application. The conducted analysis of security vulnerabilities, methods and problems of testing web applications revealed the presence of different approaches to protect software products. A combination of manual and automated web application security testing techniques is advisable, starting with automated security testing and complementing it with manual penetration testing. A comprehensive approach should integrate testing into all stages of the software development life cycle. Such approach helps to use the most appropriate and effective available methods for the current phase of software product development.